If I comment this line everything works: SecRequestBodyAccess On
But this should be enabled. Any suggestions? > On Aug 22, 2017, at 6:16 PM, Georgi Georgiev <geo...@serversolution.info> > wrote: > > Hello, > If I enable crs for this domain on the Joomla search of the site it returns > 400 bad request, but the modsec is in detection only mode. No rule is matched > as I see. If I turn off the modsec everything is ok. This is the audit log if > it helps: > > [22/Aug/2017:17:08:15 +0300] IcAcAcVcAcccAcAcAAxcAcAc 77.70.108.119 53428 > 127.0.0.1 80 > --bc7c6349-B-- > POST /index.php HTTP/2.0 > host: www.plevensport.eu <http://www.plevensport.eu/> > content-length: 86 > cache-control: max-age=0 > origin: https://www.plevensport.eu <https://www.plevensport.eu/> > upgrade-insecure-requests: 1 > user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_5) > AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.101 Safari/537.36 > content-type: application/x-www-form-urlencoded > accept: > text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 > referer: https://www.plevensport.eu/index.php > <https://www.plevensport.eu/index.php> > accept-encoding: gzip, deflate, br > accept-language: en-US,en;q=0.8 > cookie: 53f8f9fad3d3789bffbdbce160246b7e=3b72edc95ab809ce6dc6b3755305adf1; > __utmt=1; _c=y; > __utma=155943930.1578748701.1503409083.1503409083.1503409083.1; > __utmb=155943930.9.10.1503409083; __utmc=155943930; > __utmz=155943930.1503409083.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none) > > --bc7c6349-C-- > searchword=%D0%BF%D0%BB%D0%B5%D0%B2%D0%B5%D0%BD&task=search&option=com_search&Itemid=1 > --bc7c6349-F-- > HTTP/1.1 400 > Server: ws-httpd > Content-Type: text/html > Content-Length: 568 > Connection: close > > --bc7c6349-E-- > <html> > <head><title>400 Bad Request</title></head> > <body bgcolor="white"> > <center><h1>400 Bad Request</h1></center> > <hr><center>nginx</center> > </body> > </html> > <!-- a padding to disable MSIE and Chrome friendly error page --> > <!-- a padding to disable MSIE and Chrome friendly error page --> > <!-- a padding to disable MSIE and Chrome friendly error page --> > <!-- a padding to disable MSIE and Chrome friendly error page --> > <!-- a padding to disable MSIE and Chrome friendly error page --> > <!-- a padding to disable MSIE and Chrome friendly error page --> > > --bc7c6349-H-- > Message: Audit log: Failed to lock global mutex: Permission denied > Apache-Handler: IIS > Stopwatch: 1503410895000281 417063 (- - -) > Stopwatch2: 1503410895000281 417063; combined=44304, p1=732, p2=42473, p3=47, > p4=723, p5=229, sr=148, sw=100, l=0, gc=0 > Response-Body-Transformed: Dechunked > Producer: ModSecurity for nginx (STABLE)/2.9.1 (http://www.modsecurity.org/ > <http://www.modsecurity.org/>); OWASP_CRS/3.0.2. > Server: ModSecurity Standalone > Engine-Mode: "ENABLED" > > --bc7c6349-Z-- > > As it’s not exactly error which can occur because of modsec but it’s > obviously the problem what can be the reason? Some directive? > _______________________________________________ > Owasp-modsecurity-core-rule-set mailing list > Owasp-modsecurity-core-rule-set@lists.owasp.org > https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
_______________________________________________ Owasp-modsecurity-core-rule-set mailing list Owasp-modsecurity-core-rule-set@lists.owasp.org https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
