Hi Christian, thank you for the information and the grep command :-).
After dealing with some other problems the last days, I'm back to ModSec today. I will report everything I encounter. Regards, Heinrich P.S. Going to switch to 3.0/dev for further testing. Am Freitag, den 18.11.2016, 16:06 +0100 schrieb Christian Folini: > Hello Heinrich, > > Another well spotted bug. Thank you. It's funny how a new pair of > eyes > spots bugs in corners ignored by experienced users. > > The support for the "ver" action is only partial. In fact there are > more than only the blocking rules that come without the "ver" action. > > I have opened a bug report for this issue: > https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/650 > > I flagged it for CRS 3.1.0. There is a chance, this will be made > available for 3.0.1, but I doubt it as it's quite a bit of work > and not crucial for the correct functioning of the rule set. > > In your situation, you are best off with the following construct > including the mandaory regular expression : Note how the CRS rules > are all in the 900K range, but we lately claimed the 9M range too; > hence {5,6}. > > $> cat error.log | egrep "id \"9[0-9]{5,6}\"" > > Keep these bug reports coming, please. > > Best, > > Christian > > > > On Thu, Nov 17, 2016 at 02:27:14PM +0100, Heinrich M. wrote: > > > > Hi, > > > > while playing around with the rule set and adding some custom > > rules, I > > found that the blocking rules miss the version tag within Apache's > > error log. Is there a reason for this? As fas as I could see, every > > other rule is tagged with [ver "OWASP_CRS/3.0.0"] but I may be > > missing > > something. > > > > I'd like to grep for '[ver "OWASP_CRS/3.0.0"]' in order to separate > > log > > entries from custom rules from the CRS rules. I know that this can > > also > > be done by rule IDs but those regexes are hard ;-). > > > > Regards, > > > > Heinrich > > _______________________________________________ > > Owasp-modsecurity-core-rule-set mailing list > > Owasp-modsecurity-core-rule-set@lists.owasp.org > > https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rul > > e-set _______________________________________________ Owasp-modsecurity-core-rule-set mailing list Owasp-modsecurity-core-rule-set@lists.owasp.org https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
