[mod-security-users] Help with transition from "old" ModSecurity?
Brought to you by:
victorhora,
zimmerletw
From: <th...@pr...> - 2010-07-28 00:36:04
|
Hello, I am running now ModSec 2.5.11 with CRS 2.0.7 on a Debian Lenny. I used ModSec before, when "it was dfferent", ie. version 2.1.1 or something, when there was no "scoring" and similar things implemented. I am struggeling with messages like ModSecurity: Warning. Operator GE matched 0 at TX:inbound_anomaly_score. [file "/etc/apache2/modsecurity_crs/base_rules/modsecurity_crs_60_correlation.conf"] [line "35"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5, SQLi=, XSS=): when my /etc/apache2/modsecurity_crs/modsecurity_crs_10_config.conf says this: SecAction "phase:1,t:none,nolog,pass,setvar:tx.inbound_anomaly_score_level=20" I am having similar problems with tx.max_num_args and such. I just cannot set these variables for some reason. Can you please point me in the right direction? Cheers Thomas |