Hi it also seems i was loading mod sec 2.0.3 on my dev, im now using 2.0.4 and now im unable to set an id and message in the default action ! I need this so i can identify where rules are in the log, and also turn them off by id due to the location limitation ??

Syntax error on line 25 of /etc/mod_security/default/bad_robots.conf:
ModSecurity: SecDefaultAction must not contain any metadata actions (id, rev, msg).

SecDefaultAction "auditlog,pass,id:90900,phase:2,t:lowercase,msg:'(default/bad_robots.conf)'"


Do i guess i must go through every rule without an action and add one :\

Ofer Shezaf wrote:

 

'SecFilterEngine' is a 1.9.x directive. You got it right and SecRuleEngine is the correct directive for ModSecurity 2.x. Sorry for the typo.

 

~ Ofer

 


From: mod-security-users-bounces@lists.sourceforge.net [mailto:mod-security-users-bounces@lists.sourceforge.net] On Behalf Of Dan Rossi
Sent: Monday, November 27, 2006 8:15 AM
To: Ivan Ristic
Cc: mod-security-users@lists.sourceforge.net
Subject: Re: [mod-security-users] mod-security-users Digest, Vol 6, Issue 22

 

Ivan Ristic wrote:

On 11/21/06, Dan Rossi <spam@electroteque.org> wrote:

Ivan Ristic wrote:
>
> It is documented and it works. However, "SecFilterInheritance"
> prevents the rules from being inherited from the parent context but it
> does nothing to the configuration options. The configuration settings
> are always inherited. If you want something different to happen just
> provide different configuration. So, in your case you could do
> something like:
>
> <Location /signup>
> SecFilterInheritance Off
> SecFilterForceByteRange 0 255
> </Location>
>

Ok what im saying here is, every rule set as default will have to be
overwritten as u have here, ie the ones we need to override for etc, so
mod sec cant be turned off per virtualhost for instance ?


Sure it can:

<VirtualHost whatever>
   SecFilterEngine Off
   SecAuditEngine Off
</VirtualHost>

Hi Ivan, i just put these rules  inside virtualhost for mod sec 2 and i get this

Invalid command 'SecFilterEngine', perhaps mis-spelled or defined by a module not included in the server configuration


if i do

SecRuleEngine Off
SecAuditEngine Off


its ok however for some of our zend encoded files something happens with the posts, i dont get any errors but it seems modsec is doing something even though ive turned if off in that path and redirects back to the file . I cant go into the code and look because its encoded and there is no log :\