[mod-security-users] ip collection does not exist
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
[mod-security-users] ip collection does not exist
|
From: Yonah R. <mod...@yo...> - 2011-01-26 09:15:13
|
Hi, I'm not sure if this is a CRS issue or a mod_security issue. I'm running Mod_Security 2.5.13 compiled on SPARC with Sun Studio, Apache 2.2.17, Solaris 10 with CRS 2.1.1 Apache is running as user webservd and webservd is the owner of the modsecurity_crs directory and the files in it. I have copied the following rules into the base_rules directory: modsecurity_crs_11_dos_protection.conf modsecurity_crs_11_slow_dos_protection.conf I've uncommented the following section in modsecurity_crs_10_config.conf SecAction "phase:1,t:none,nolog,pass, \ setvar:'tx.dos_burst_time_slice=60', \ setvar:'tx.dos_counter_threshold=100', \ setvar:'tx.dos_block_timeout=600'" In the debug log I get the error: Could not set variable "ip.dos_counter" as the collection does not exist. Here is the level 9 debug up to that point (some details obfuscated) [26/Jan/2011:08:18:13 +0000] [ 192.168.1.1/sid#9caf8][rid#1630cf0][/index.php][4<http://192.168.1.1/sid#9caf8][rid%231630cf0%5D%5B/index.php%5D%5B4>] Initialising transaction (txid TT-YxKwVByQAAC6ZJSEAAAAC). [26/Jan/2011:08:18:13 +0000] [ 192.168.1.1/sid#9caf8][rid#1630cf0][/index.php][4<http://192.168.1.1/sid#9caf8][rid%231630cf0%5D%5B/index.php%5D%5B4>] Transaction context created (dcfg de7f0). [26/Jan/2011:08:18:13 +0000] [ 192.168.1.1/sid#9caf8][rid#1630cf0][/index.php][4<http://192.168.1.1/sid#9caf8][rid%231630cf0%5D%5B/index.php%5D%5B4>] Processing disabled, skipping (hook request_early). [26/Jan/2011:08:18:13 +0000] [ 192.168.1.1/sid#9caf8][rid#1630cf0][/index.php][4<http://192.168.1.1/sid#9caf8][rid%231630cf0%5D%5B/index.php%5D%5B4>] PdfProtect: Not enabled here. [26/Jan/2011:08:18:13 +0000] [ 192.168.1.1/sid#9caf8][rid#1630cf0][/index.php][4<http://192.168.1.1/sid#9caf8][rid%231630cf0%5D%5B/index.php%5D%5B4>] Processing disabled, skipping (hook request_late). [26/Jan/2011:08:18:13 +0000] [ 192.168.1.1/sid#9caf8][rid#1630cf0][/index.php][4<http://192.168.1.1/sid#9caf8][rid%231630cf0%5D%5B/index.php%5D%5B4>] Hook insert_filter: Adding PDF XSS protection output filter (r 1630cf0). [26/Jan/2011:08:18:13 +0000] [ 192.168.1.1/sid#9caf8][rid#1630cf0][/index.php][4<http://192.168.1.1/sid#9caf8][rid%231630cf0%5D%5B/index.php%5D%5B4>] Hook insert_filter: Processing disabled, skipping. [26/Jan/2011:08:18:13 +0000] [ 192.168.1.1/sid#9caf8][rid#1630cf0][/index.php][4<http://192.168.1.1/sid#9caf8][rid%231630cf0%5D%5B/index.php%5D%5B4>] Initialising logging. [26/Jan/2011:08:18:13 +0000] [ 192.168.1.1/sid#9caf8][rid#1630cf0][/index.php][4<http://192.168.1.1/sid#9caf8][rid%231630cf0%5D%5B/index.php%5D%5B4>] Starting phase LOGGING. [26/Jan/2011:08:18:13 +0000] [ 192.168.1.1/sid#9caf8][rid#1630cf0][/index.php][9<http://192.168.1.1/sid#9caf8][rid%231630cf0%5D%5B/index.php%5D%5B9>] This phase consists of 40 rule(s). [26/Jan/2011:08:18:13 +0000] [ 192.168.1.1/sid#9caf8][rid#1630cf0][/index.php][4<http://192.168.1.1/sid#9caf8][rid%231630cf0%5D%5B/index.php%5D%5B4>] Recipe: Invoking rule 256478; [file "/var/www/conf/modsecurity_crs/base_rules/modsecurity_crs_11_dos_protection.conf"] [line "24"]. [26/Jan/2011:08:18:13 +0000] [ 192.168.1.1/sid#9caf8][rid#1630cf0][/index.php][5<http://192.168.1.1/sid#9caf8][rid%231630cf0%5D%5B/index.php%5D%5B5>] Rule 256478: SecRule "IP:DOS_BLOCK" "@eq 1" "phase:5,noauditlog,t:none,nolog,skipAfter:END_DOS_PROTECTION_CHECKS" [26/Jan/2011:08:18:13 +0000] [ 192.168.1.1/sid#9caf8][rid#1630cf0][/index.php][4<http://192.168.1.1/sid#9caf8][rid%231630cf0%5D%5B/index.php%5D%5B4>] Rule returned 0. [26/Jan/2011:08:18:13 +0000] [ 192.168.1.1/sid#9caf8][rid#1630cf0][/index.php][9<http://192.168.1.1/sid#9caf8][rid%231630cf0%5D%5B/index.php%5D%5B9>] No match, not chained -> mode NEXT_RULE. [26/Jan/2011:08:18:13 +0000] [ 192.168.1.1/sid#9caf8][rid#1630cf0][/index.php][4<http://192.168.1.1/sid#9caf8][rid%231630cf0%5D%5B/index.php%5D%5B4>] Recipe: Invoking rule 256c28; [file "/var/www/conf/modsecurity_crs/base_rules/modsecurity_crs_11_dos_protection.conf"] [line "30"]. [26/Jan/2011:08:18:13 +0000] [ 192.168.1.1/sid#9caf8][rid#1630cf0][/index.php][5<http://192.168.1.1/sid#9caf8][rid%231630cf0%5D%5B/index.php%5D%5B5>] Rule 256c28: SecRule "REQUEST_BASENAME" "!@rx \\.(jpe?g|png|gif|js|css|ico)$" "phase:5,noauditlog,t:none,nolog,pass,setvar:ip.dos_counter=+1" [26/Jan/2011:08:18:13 +0000] [ 192.168.1.1/sid#9caf8][rid#1630cf0][/index.php][4<http://192.168.1.1/sid#9caf8][rid%231630cf0%5D%5B/index.php%5D%5B4>] Transformation completed in 7 usec. [26/Jan/2011:08:18:13 +0000] [ 192.168.1.1/sid#9caf8][rid#1630cf0][/index.php][4<http://192.168.1.1/sid#9caf8][rid%231630cf0%5D%5B/index.php%5D%5B4>] Executing operator "!rx" with param "\\.(jpe?g|png|gif|js|css|ico)$" against REQUEST_BASENAME. [26/Jan/2011:08:18:13 +0000] [ 192.168.1.1/sid#9caf8][rid#1630cf0][/index.php][9<http://192.168.1.1/sid#9caf8][rid%231630cf0%5D%5B/index.php%5D%5B9>] Target value: "index.php" [26/Jan/2011:08:18:13 +0000] [ 192.168.1.1/sid#9caf8][rid#1630cf0][/index.php][6<http://192.168.1.1/sid#9caf8][rid%231630cf0%5D%5B/index.php%5D%5B6>] Ignoring regex captures since "capture" action is not enabled. [26/Jan/2011:08:18:13 +0000] [ 192.168.1.1/sid#9caf8][rid#1630cf0][/index.php][4<http://192.168.1.1/sid#9caf8][rid%231630cf0%5D%5B/index.php%5D%5B4>] Operator completed in 189 usec. [26/Jan/2011:08:18:13 +0000] [ 192.168.1.1/sid#9caf8][rid#1630cf0][/index.php][9<http://192.168.1.1/sid#9caf8][rid%231630cf0%5D%5B/index.php%5D%5B9>] Setting variable: ip.dos_counter=+1 [26/Jan/2011:08:18:13 +0000] [ 192.168.1.1/sid#9caf8][rid#1630cf0][/index.php][3<http://192.168.1.1/sid#9caf8][rid%231630cf0%5D%5B/index.php%5D%5B3>] Could not set variable "ip.dos_counter" as the collection does not exist. Any ideas? Thanks, Yonah |
