Woops, that's actually a new contribution by me. My bad.
I guess a newbie like me needs more supervision on Pull requests =S

The problem is actually on line 49, which specifies a "chain" where it should not.
On line 49, replace:

SecRule TX:1 ".*" "chain,t:sha1,t:hexEncode,setvar:session.ip_hash=%{matched_var}"

with:

SecRule TX:1 ".*" "t:sha1,t:hexEncode,setvar:session.ip_hash=%{matched_var}"

Issuing a pull request right now.

So sorry, everyone.

Ramy Darwish


On 19/03/2014 13:58, Jamie Jackson wrote:
Hi Folks,

[Server version: Apache/2.2.22 (Ubuntu)]

I'm following along with this guide (http://www.thefanclub.co.za/how-to/how-install-apache2-modsecurity-and-modevasive-ubuntu-1204-lts-server), and I got to the apache restart command just before section 5.

However, I'm getting a rule error:

$ sudo service apache2 restart
[sudo] password for jamie: 
Syntax error on line 51 of /etc/modsecurity/activated_rules/modsecurity_crs_16_session_hijacking.conf:
ModSecurity: Disruptive actions can only be specified by chain starter rules.
Action 'configtest' failed.
The Apache error log may have more information.
   ...fail!

The line referenced is the last line of the file (the second of the following):

SecRule &SESSION:SESSIONID "@eq 1" "chain,phase:5,id:'981064',nolog,pass,t:none"
        SecRule REQUEST_HEADERS:User-Agent ".*" "t:none,t:sha1,t:hexEncode,nolog,setvar:session.ua_hash=%{matched_var}"

I have zero experience with ModSecurity yet, so I can't troubleshoot.

Please help me get past this.

Thanks,
Jamie


_______________________________________________
Owasp-modsecurity-core-rule-set mailing list
Owasp-modsecurity-core-rule-set@lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
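
Why the stray `chain` on line 49 produces this error, as an added example that is not part of the original thread or of the CRS: `chain` attaches the next SecRule to the chain, and a chained rule may not carry a disruptive action such as `pass`. The checker assumes one SecRule per line with no backslash continuations; `find_chain_errors`, `action_names` and the sample's line numbers are constructed here.

```python
import re

# Disruptive actions this check looks for (ModSecurity 2.x names).
DISRUPTIVE = {"allow", "block", "deny", "drop", "pass", "proxy", "redirect"}
# SecRule VARIABLES "OPERATOR" "ACTIONS" on a single line (assumption: no
# backslash continuations).
RULE = re.compile(r'^\s*SecRule\s+\S+\s+"(?:[^"\\]|\\.)*"\s+"((?:[^"\\]|\\.)*)"')


def action_names(actions):
    """Split an action list on commas outside single quotes; return the names."""
    names, buf, quoted = [], "", False
    for ch in actions + ",":
        if ch == "'":
            quoted = not quoted
        if ch == "," and not quoted:
            names.append(buf.split(":", 1)[0].strip().lower())
            buf = ""
        else:
            buf += ch
    return [n for n in names if n]


def find_chain_errors(text):
    """Return (line_no, message) for rules chained onto a previous rule that
    still carry a disruptive action, and for a chain left open at end of file."""
    errors, prev_chain_line = [], None
    for no, line in enumerate(text.splitlines(), 1):
        m = RULE.match(line)
        if not m:
            continue
        names = action_names(m.group(1))
        bad = sorted(DISRUPTIVE.intersection(names))
        if prev_chain_line is not None and bad:
            errors.append((no, f"disruptive action {','.join(bad)} in a rule "
                               f"chained from line {prev_chain_line}"))
        prev_chain_line = no if "chain" in names else None
    if prev_chain_line is not None:
        errors.append((prev_chain_line, "chain has no following rule"))
    return errors


# Constructed sample built from the rules quoted in this thread.
BROKEN = '''SecRule TX:1 ".*" "chain,t:sha1,t:hexEncode,setvar:session.ip_hash=%{matched_var}"
SecRule &SESSION:SESSIONID "@eq 1" "chain,phase:5,id:'981064',nolog,pass,t:none"
        SecRule REQUEST_HEADERS:User-Agent ".*" "t:none,t:sha1,t:hexEncode,nolog,setvar:session.ua_hash=%{matched_var}"
'''
FIXED = BROKEN.replace('"chain,t:sha1', '"t:sha1', 1)

if __name__ == "__main__":
    for no, msg in find_chain_errors(BROKEN):
        print(f"line {no}: {msg}")
```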

