Ours looks like;
SecMarker BEGIN_ACCEPT_CHECK
SecRule &REQUEST_HEADERS:Accept "@eq 0" \
"chain,phase:2,rev:'2.0.5',t:none,nolog,auditlog,msg:'Request
Missing an Accept Header',
severity:'2',id:'960015',tag:'PROTOCOL_VIOLATION/MISSING_HEADER',tag:'WASCTC/WASC-21',tag:'OWASP_TOP_10/A7',tag:'PCI/6.5.10'"
SecRule REQUEST_METHOD "!^OPTIONS$"
"skipAfter:END_ACCEPT_CHECK,t:none,setvar:'tx.msg=%{rule.msg}',setvar:tx.anomaly_score=+%{tx.notice_anomaly_score},setvar:tx.protocol_violation_score=+%{tx.notice_anomaly_score},setvar:tx.%{rule.id}-PROTOCOL_VIOLATION/MISSING_HEADER-%{matched_var_name}=%{matched_var}"
SecRule REQUEST_HEADERS:Accept "^$" \
"chain,phase:2,rev:'2.0.5',t:none,nolog,auditlog,msg:'Request
Has an Empty Accept Header',
severity:'2',id:'960021',tag:'PROTOCOL_VIOLATION/MISSING_HEADER'"
SecRule REQUEST_METHOD "!^OPTIONS$"
"t:none,setvar:'tx.msg=%{rule.msg}',setvar:tx.anomaly_score=+%{tx.notice_anomaly_score},setvar:tx.protocol_violation_score=+%{tx.notice_anomaly_score},setvar:tx.%{rule.id}-PROTOCOL_VIOLATION/MISSING_HEADER-%{matched_var_name}=%{matched_var}"
SecMarker END_ACCEPT_CHECK
-Emmanuel
From: Ryan Barnett [mailto:rbarn...@trustwave.com]
Sent: Thursday, February 28, 2013 2:02 PM
To: Emmanuel Darko; owasp-modsecurity-core-rule-set@lists.owasp.org
Subject: Re: [Owasp-modsecurity-core-rule-set] Problem starting Apache due to
Modsecurity. Need Help
From: Emmanuel Darko <eda...@promnetwork.com<mailto:eda...@promnetwork.com>>
Date: Thursday, February 28, 2013 10:44 AM
To:
"owasp-modsecurity-core-rule-set@lists.owasp.org<mailto:owasp-modsecurity-core-rule-set@lists.owasp.org>"
<owasp-modsecurity-core-rule-set@lists.owasp.org<mailto:owasp-modsecurity-core-rule-set@lists.owasp.org>>
Subject: [Owasp-modsecurity-core-rule-set] Problem starting Apache due to
Modsecurity. Need Help
We use Apache RHEL 5 and we administered a patch at the a couple of days ago
and Apache would not start due to error shown below;
Syntax error on line 47 of
/etc/httpd/modsecurity.d/base_rules/modsecurity_crs_21_protocol_anomalies.conf:
ModSecurity: SkipAfter actions can only be specified by chain starter rules
Any help with this as Google has not helped much.
Emmanuel
See line 47 here -
https://github.com/SpiderLabs/owasp-modsecurity-crs/blob/master/base_rules/modsecurity_crs_21_protocol_anomalies.conf
What does yours look like?
-Ryan
________________________________
This transmission may contain information that is privileged, confidential,
and/or exempt from disclosure under applicable law. If you are not the intended
recipient, you are hereby notified that any disclosure, copying, distribution,
or use of the information contained herein (including any reliance thereon) is
STRICTLY PROHIBITED. If you received this transmission in error, please
immediately contact the sender and destroy the material in its entirety,
whether in electronic or hard copy format._______________________________________________
Owasp-modsecurity-core-rule-set mailing list
Owasp-modsecurity-core-rule-set@lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
