[ https://www.modsecurity.org/tracker/browse/MODSEC-169?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Ryan Barnett closed MODSEC-169.
-------------------------------
Fix Version/s: 2.5.13
Resolution: Fixed
This issue is fixed in 2.5.13
> Chain rule + Macro resolved Error...
> ------------------------------------
>
> Key: MODSEC-169
> URL: https://www.modsecurity.org/tracker/browse/MODSEC-169
> Project: ModSecurity
> Issue Type: Bug
> Security Level: Normal
> Components: Actions
> Affects Versions: 2.5.12
> Environment: OS : CentOS release 4.8 (Final) / CPU : AMD Phenom(tm) II X4 945 Processor
> Reporter: Choi Min Kuk
> Assignee: Breno Silva Pinto
> Priority: Low
> Fix For: 2.5.13
>
>
> Sorry, I don't english well.. because to directly question..
> Error,
> Using Chain Rule => Don't Macro Resovle..
> Example>
> SecRule REQUEST_URI "modtest" "chain,redirect:modsec_error.html?rq=%{REQUEST_HEADERS.host}%{REQUEST_URI}"
> SecRule REQUEST_URI "html"
> --- Result : Redirected : /modsec_error.html?rq=%{REQUEST_HEADERS.host}%{REQUEST_URI}
> I want result : /modsec_error.html?rq=hostname/request_uri
> But, not using chain action -> result : /modsec_error.html?rq=hostname/request_uri ..
> bottom...Modsecurity Debug log...
> [17/Aug/2010:18:33:44 +0900] [cmkmh.maru.net/sid#552b385620][rid#552c4f2658][/test/modtest.html][5] Rule 552af7e950: SecRule "REQUEST_URI" "@rx modtest" "log,auditlog,status:403,phase:2,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,redirect:http://help.onmaru.com/modsec_
> error.html?rq=%{REQUEST_HEADERS.host}%{REQUEST_URI},chain"
> [17/Aug/2010:18:33:44 +0900] [cmkmh.maru.net/sid#552b385620][rid#552c4f2658][/test/modtest.html][9] CACHE: Enabled
> [17/Aug/2010:18:33:44 +0900] [cmkmh.maru.net/sid#552b385620][rid#552c4f2658][/test/modtest.html][9] T (0) urlDecodeUni: "/test/modtest.html"
> [17/Aug/2010:18:33:44 +0900] [cmkmh.maru.net/sid#552b385620][rid#552c4f2658][/test/modtest.html][9] T (0) htmlEntityDecode: "/test/modtest.html"
> [17/Aug/2010:18:33:44 +0900] [cmkmh.maru.net/sid#552b385620][rid#552c4f2658][/test/modtest.html][9] T (0) lowercase: "/test/modtest.html"
> [17/Aug/2010:18:33:44 +0900] [cmkmh.maru.net/sid#552b385620][rid#552c4f2658][/test/modtest.html][4] Transformation completed in 19 usec.
> [17/Aug/2010:18:33:44 +0900] [cmkmh.maru.net/sid#552b385620][rid#552c4f2658][/test/modtest.html][4] Executing operator "rx" with param "modtest" against REQUEST_URI.
> [17/Aug/2010:18:33:44 +0900] [cmkmh.maru.net/sid#552b385620][rid#552c4f2658][/test/modtest.html][9] Target value: "/test/modtest.html"
> [17/Aug/2010:18:33:44 +0900] [cmkmh.maru.net/sid#552b385620][rid#552c4f2658][/test/modtest.html][4] Operator completed in 2 usec.
> [17/Aug/2010:18:33:44 +0900] [cmkmh.maru.net/sid#552b385620][rid#552c4f2658][/test/modtest.html][4] Rule returned 1.
> [17/Aug/2010:18:33:44 +0900] [cmkmh.maru.net/sid#552b385620][rid#552c4f2658][/test/modtest.html][9] Match -> mode NEXT_RULE.
> [17/Aug/2010:18:33:44 +0900] [cmkmh.maru.net/sid#552b385620][rid#552c4f2658][/test/modtest.html][4] Recipe: Invoking rule 552af7f608; [file "/etc/httpd/conf.d/virtual.conf"] [line "1255"].
> [17/Aug/2010:18:33:44 +0900] [cmkmh.maru.net/sid#552b385620][rid#552c4f2658][/test/modtest.html][5] Rule 552af7f608: SecRule "REQUEST_URI" "@rx html" "log,auditlog,status:403,phase:2,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,redirect:http://help.onmaru.com/modsec_err
> or.html?rq=%{REQUEST_HEADERS.host}%{REQUEST_URI}"
> [17/Aug/2010:18:33:44 +0900] [cmkmh.maru.net/sid#552b385620][rid#552c4f2658][/test/modtest.html][9] CACHE: Enabled
> [17/Aug/2010:18:33:44 +0900] [cmkmh.maru.net/sid#552b385620][rid#552c4f2658][/test/modtest.html][9] T (0) urlDecodeUni,htmlEntityDecode,lowercase: "/test/modtest.html" [cached hits=1]
> [17/Aug/2010:18:33:44 +0900] [cmkmh.maru.net/sid#552b385620][rid#552c4f2658][/test/modtest.html][4] Transformation completed in 6 usec.
> [17/Aug/2010:18:33:44 +0900] [cmkmh.maru.net/sid#552b385620][rid#552c4f2658][/test/modtest.html][4] Executing operator "rx" with param "html" against REQUEST_URI.
> [17/Aug/2010:18:33:44 +0900] [cmkmh.maru.net/sid#552b385620][rid#552c4f2658][/test/modtest.html][9] Target value: "/test/modtest.html"
> [17/Aug/2010:18:33:44 +0900] [cmkmh.maru.net/sid#552b385620][rid#552c4f2658][/test/modtest.html][4] Operator completed in 1 usec.
> [17/Aug/2010:18:33:44 +0900] [cmkmh.maru.net/sid#552b385620][rid#552c4f2658][/test/modtest.html][9] Resolved macro %{REQUEST_HEADERS.host} to "cmkmh.maru.net"
> [17/Aug/2010:18:33:44 +0900] [cmkmh.maru.net/sid#552b385620][rid#552c4f2658][/test/modtest.html][9] Resolved macro %{REQUEST_URI} to "/test/modtest.html"
> [17/Aug/2010:18:33:44 +0900] [cmkmh.maru.net/sid#552b385620][rid#552c4f2658][/test/modtest.html][4] Rule returned 1.
> [17/Aug/2010:18:33:44 +0900] [cmkmh.maru.net/sid#552b385620][rid#552c4f2658][/test/modtest.html][9] Match, intercepted -> returning.
> [17/Aug/2010:18:33:44 +0900] [cmkmh.maru.net/sid#552b385620][rid#552c4f2658][/test/modtest.html][1] Access denied with redirection to http://help.onmaru.com/modsec_error.html?rq=%{REQUEST_HEADERS.host}%{REQUEST_URI} using status 302 (phase 2). Pattern match "html" at REQ
> UEST_URI. [file "/etc/httpd/conf.d/virtual.conf"] [line "1254"]
> Look...Macro resolving at line 1255.. but redirect is line 1254...
> Can you help me?
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://www.modsecurity.org/tracker/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
|