Ups... I've looked at "modsecurity_crs_10_config.conf" and it says "Core
ModSecurity Rule Set ver.1.5.1".
Should I just remove the old *.conf files on my ModSecurity Core directory
and upload the new ones??
(I haven't made any changes to them)
Also, how can I verify what mod security version am I running? Probably I'm
using some old version....
Thank you very much for your reply.
From: "Ryan Barnett" <Ryan.Barnett@...>
Sent: Monday, January 12, 2009 10:42 PM
To: "João Romão" <jdnr-online@...>; "Mod Security"
Subject: RE: [mod-security-users] Error - ModSecurity does not support
> -----Original Message-----
> From: João Romão [mailto:jdnr-online@...]
> Sent: Monday, January 12, 2009 5:30 PM
> To: Mod Security
> Subject: [mod-security-users] Error - ModSecurity does not support content
> Today when looking at the error logs, I found the following errors:
> ModSecurity: Could not set variable "resource.alerted_960903_compression"
> the collection does not exist.
> ModSecurity: Warning. Operator EQ match: 0. [id "960903"] [msg
> does not support content encodings"]
> I search Google for this and found that it could be related to
> so I disable it in httpd.conf and restarted apache.
> However this have NOT solved the problem.
> [Ryan Barnett] This message is generated because that version of the CRS
> was using the setvar action to attempt to set a RESOURCE collection entry
> and initcol had not yet been used to open up the collection.
> Can someone please help me on this and let me know what can it be?
> [Ryan Barnett] What CRS version are you using? In the current version
> (1.6.1) we have switched from using the RESOURCE collection to using the
> GLOBAL one and we properly initiate the collection -
> # Log outbound compressed content (log once)
> SecRule RESPONSE_HEADERS:Content-Encoding "!^Identity$" \
> "phase:4,t:none,pass,log,auditlog,msg:'ModSecurity does not support
> content encodings',id:'960903',severity:'4',chain,initcol:global=global"
> SecRule &GLOBAL:alerted_960903_compression "@eq 0"