In line 23 on /etc/modsecurity/modsecurity_crs_15_pre_custom.conf there is a error with invalid regular expression.

If that number line is your new rule REQUEST FILENAME it seems that does not valid regular expression: ^/../login$

Here you can find a login block rule: http://serverfault.com/questions/308964/how-to-use-regex-for-mod-security

I donīt know  mod_security version of the post and version you are using.

Kind regards,


2013/10/30 Jan Phillip Greimann <jg@softjury.de>
Hi Josh,

I've got a second problem:

SecRule REQUEST_FILENAME "^/../login$"
"phase:1,id:1005,t:none,nolog,pass,ctl:ruleRemoveTargetByTag=OWASP_CRS/(WEB_ATTACK/(SQL_INJECTION|XSS|LDAP_INJECTION)|PROTOCOL_VIOLATION/EVASION);ARGS:login[password]"

is one of my rules. In my logic it should work, but I get the following
error:

Syntax error on line 23 of
/etc/modsecurity/modsecurity_crs_15_pre_custom.conf:
Error parsing actions: ModSecurity: Invalid regular expression
"OWASP_CRS/(WEB_ATTACK/(SQL_INJECTION"
Action 'configtest' failed.
The Apache error log may have more information.
  failed!

Where is the problem, in my opinion it's right. :-/


------------------------------------------------------------------------------
Android is increasing in popularity, but the open development platform that
developers love is also attractive to malware creators. Download this white
paper to learn more about secure code signing practices that can help keep
Android apps secure.
http://pubads.g.doubleclick.net/gampad/clk?id=65839951&iu=/4140/ostg.clktrk
_______________________________________________
mod-security-users mailing list
mod-security-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-users
Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs:
http://www.modsecurity.org/projects/commercial/rules/
http://www.modsecurity.org/projects/commercial/support/