Re: [mod-security-users] Fwd: 2.7.0: regression in blocking non-numeric value
From: Breno S. <bre...@gm...> - 2013-01-10 11:43:22
Rules must have IDs, and they must be numeric for internal engine reasons. Also, they need to be different for each rule in the same context. For example, I have the same rule:

SecRule STREAM_OUTPUT_BODY "@rsub s/SOURCE/TEST/" "phase:4,status:400,id:111"

loaded in a virtual-host:80 and in a virtual-host:443, and also in the main context.

On Thu, Jan 10, 2013 at 8:34 AM, Reindl Harald <h.r...@th...> wrote:
> mod_security 2.7.1 has the same problem
> as I also confirmed before the release
>
> all in all 2.7.x makes me VERY unhappy
>
> why the hell does every rule need an id and why the
> hell does it have to be UNIQUE - thank you for killing
> a lot of handmade rules which had VERY good reasons
> to have the same ID because they were supposed to
> be disabled for specific locations, and new rules
> which were supposed to be also disabled got the
> same one so I did not need to creep around in each and every
> vhost configuration
>
>
> -------- Original Message --------
> Subject: Re: [mod-security-users] 2.7.0: regression in blocking
> non-numeric value
> Date: Tue, 30 Oct 2012 17:21:50 +0100
> From: Reindl Harald <h.r...@th...>
> Organisation: the lounge interactive design
> To: Breno Silva <bre...@gm...>
> CC: Mailing-List mod_security <mod...@li...>
>
> hi
>
> yes, please give me an earlier test
> in production I stay with 2.6 until 2.7.2/3
>
> so this is only a test-vm where I added a lot of rule-ids
> and cleaned up duplicate ids, which is not funny because
> the duplicates were intended to make RemoveById simpler
>
> On 30.10.2012 17:10, Breno Silva wrote:
> > Hello Reindl,
> >
> > We had a mistake in the code during the integration with the new ports
> > and the "block" action was disabled by mistake.
> > I will be releasing 2.7.1 this week and set it back.
> >
> > If you want, I can send you a tarball of 2.7.1 earlier to test and check
> > if this is the issue in your case.
> >
> > Thanks
> >
> > On Tue, Oct 30, 2012 at 10:59 AM, Reindl Harald <h.r...@th...> wrote:
> > >
> > > why do the following rules no longer work?
> > >
> > > goal is/was to block any request with the listed parameters
> > > which contains non-numeric chars or numeric values with
> > > more than 7 characters...........
> > > __________________________________________
> > >
> > > [root@testserver:/etc/httpd/modsecurity.d]$ cat modsecurity_99_protected_vars.conf
> > > SecDefaultAction "log,auditlog,deny,status:400,phase:1"
> > >
> > > SecRule ARGS "!^\d{1,7}$" "id:'83',chain,phase:1,capture,logdata:'%{matched_var}',block,msg:'out of range'"
> > > SecRule MATCHED_VARS_NAMES "@pmFromFile modsecurity_99_protected_vars.data" "chain,capture"
> > > SecRule MATCHED_VAR "@streq %{tx.0}"
> > >
> > > SecRule ARGS "!^\d{1,7}$" "id:'84',chain,phase:2,capture,logdata:'%{matched_var}',block,msg:'out of range'"
> > > SecRule MATCHED_VARS_NAMES "@pmFromFile modsecurity_99_protected_vars.data" "chain,capture"
> > > SecRule MATCHED_VAR "@streq %{tx.0}"
> > > __________________________________________
> > >
> > > [root@testserver:/etc/httpd/modsecurity.d]$ cat modsecurity_99_protected_vars.data
> > > blog_comment_refid
> > > blog_id
> > > blog_showpage
> > > cfg_id
> > > cms_remember_login
> > > dbid
> > > detail_id
> > > ds_id
> > > ext_group
> > > ext_id
> > > fo_board_id
> > > gh_id
> > > gid
> > > gi_id
> > > gi_sid
> > > gs_hid
> > > gs_id
> > > gs_lightbox
> > > gs_rnd_hr_enable
> > > gs_rnd_tn_enable
> > > gs_show_title
> > > gs_tn_lupe
> > > gs_zoom
> > > hid
> > > item_id
> > > k2sid
> > > kid
> > > ksid
> > > lock_id
> > > lock_key
> > > od_id
> > > pal_id
> > > pc_entry_group_id
> > > pc_entry_id
> > > pc_group_id
> > > pers_id
> > > portal_gruppe
> > > portal_id
> > > portal_kategorie
> > > ps_id
> > > pvc_id
> > > pvi_id
> > > s2id
> > > s2sid
> > > shid
> > > show_item
> > > show_thread
> > > sid
> > > vgid
> > > vugid
> > > vuid
> > > vvid
> > > vvuid
> > > yc_aktiv
> > > yc_id
> > > yc_page
> > > yi_cid
> > > yi_id
> > > yi_page
> > > yk_aktiv
> > > yk_id
> > > yk_item
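The id rule Breno states above (every rule carries a numeric id, the id must be unique within one configuration context, and the same id may be loaded again in another vhost or in the main context) is easy to check before Apache refuses to start. The following is an added example, not code from this thread or from ModSecurity itself: a small Python linter that walks an Apache config, tracks <VirtualHost>/<Location> style sections, skips chained continuation rules (which carry no id of their own, as in the id:'83' chain quoted above) and reports missing, non-numeric or duplicate ids per context. The sample configuration, the protected.data file name and all function names are constructed for the example; the context model is a simplified reading of Breno's statement, not ModSecurity's own duplicate check.

```python
"""Hypothetical SecRule id linter (example code, not part of ModSecurity)."""
import re
import shlex
from collections import defaultdict

# Constructed sample configuration, not taken from the thread.  id:111 is
# repeated in the main context and in two vhosts (allowed); id:222 appears
# twice inside the :443 vhost, id:abc is not numeric, and the last rule has
# no id at all (all three should be reported).
SAMPLE_CONFIG = r"""
# main context
SecRule STREAM_OUTPUT_BODY "@rsub s/SOURCE/TEST/" "phase:4,status:400,id:111"
SecRule ARGS "!^\d{1,7}$" "id:'83',chain,phase:1,capture,block,msg:'out of range'"
SecRule MATCHED_VARS_NAMES "@pmFromFile protected.data" "chain,capture"
SecRule MATCHED_VAR "@streq %{tx.0}"
<VirtualHost *:80>
    SecRule STREAM_OUTPUT_BODY "@rsub s/SOURCE/TEST/" "phase:4,status:400,id:111"
</VirtualHost>
<VirtualHost *:443>
    SecRule STREAM_OUTPUT_BODY "@rsub s/SOURCE/TEST/" "phase:4,status:400,id:111"
    SecRule ARGS "@contains foo" "id:222,deny"
    SecRule ARGS "@contains bar" "id:222,deny"
    SecRule ARGS "@contains baz" "id:abc,deny"
    SecRule ARGS "@contains qux" "deny"
</VirtualHost>
"""

OPEN_RE = re.compile(r"^<(\w+)\s*([^>]*)>$")    # <VirtualHost *:80>, <Location />
CLOSE_RE = re.compile(r"^</(\w+)>$")            # </VirtualHost>


def split_actions(actions):
    """Split a SecRule action list on commas, ignoring commas inside '...'."""
    parts, buf, quoted = [], [], False
    for ch in actions:
        if ch == "'":
            quoted = not quoted
        if ch == "," and not quoted:
            parts.append("".join(buf).strip())
            buf = []
        else:
            buf.append(ch)
    if buf:
        parts.append("".join(buf).strip())
    return parts


def parse_secrule(line):
    """Return (rule_id or None, chained) for one 'SecRule VARS "OP" "ACTIONS"' line."""
    tokens = shlex.split(line)
    actions = split_actions(tokens[3]) if len(tokens) >= 4 else []
    rule_id = None
    for act in actions:
        if act.startswith("id:"):
            rule_id = act[3:].strip("'\"")   # id:'83' and id:83 are both numeric 83
    return rule_id, "chain" in actions


def lint_rule_ids(config_text):
    """Check that every rule has a numeric id that is unique within its own
    configuration context.  Returns a list of (line_number, context, problem)."""
    findings = []
    context = ["main"]                 # stack of enclosing config sections
    seen = defaultdict(dict)           # context -> {rule_id: line_number}
    in_chain = False                   # previous rule ended with 'chain'
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = OPEN_RE.match(line)
        if m:
            context.append(f"{m.group(1)} {m.group(2)}".strip())
            continue
        if CLOSE_RE.match(line):
            context.pop()
            continue
        if not line.startswith("SecRule"):
            continue
        rule_id, chained = parse_secrule(line)
        if in_chain:
            # continuation of a chain: no id of its own, may itself chain on
            in_chain = chained
            continue
        in_chain = chained
        ctx = context[-1]
        if rule_id is None:
            findings.append((lineno, ctx, "rule has no id"))
        elif not rule_id.isdigit():
            findings.append((lineno, ctx, f"id '{rule_id}' is not numeric"))
        elif rule_id in seen[ctx]:
            findings.append((lineno, ctx, f"id {rule_id} already used on line {seen[ctx][rule_id]}"))
        else:
            seen[ctx][rule_id] = lineno
    return findings


if __name__ == "__main__":
    for lineno, ctx, problem in lint_rule_ids(SAMPLE_CONFIG):
        print(f"line {lineno} [{ctx}]: {problem}")
```

Running it on the sample reports only the three rules inside the :443 vhost; the id:111 rule repeated across main, :80 and :443 passes, which is the behaviour Breno describes. The parser understands only the common double-quoted form of SecRule and the `<Section ...>` / `</Section>` block syntax; `Include`d files are not followed, so run it on the merged configuration you actually load.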