[ https://www.modsecurity.org/tracker/browse/MODSEC-177?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Breno Silva Pinto resolved MODSEC-177.
--------------------------------------
Fix Version/s: 2.6.1 (was: 2.7.0)
Resolution: Duplicate
> SecRuleUpdateActionById does not work with chained rules
> --------------------------------------------------------
>
> Key: MODSEC-177
> URL: https://www.modsecurity.org/tracker/browse/MODSEC-177
> Project: ModSecurity
> Issue Type: Bug
> Security Level: Normal
> Components: Configuration
> Affects Versions: 2.5.12
> Environment: CentOS release 5.5 (Final)
> mod_security-2.5.12-1.el5 (EPEL)
> Reporter: George Notaras
> Assignee: Breno Silva Pinto
> Fix For: 2.6.1
>
>
> It seems that if *SecRuleUpdateActionById* is used to update the actions of a chained rule, the modified rule stops being chained with its subsequent rules, unless the *chain* action is used in the SecRuleUpdateActionById statement.
> Example:
> {code}
> SecMarker BEGIN_ACCEPT_CHECK
> SecRule REQUEST_METHOD "!^OPTIONS$" \
> "chain,phase:2,rev:'2.0.8',t:none,msg:'Request Missing an Accept Header', severity:'2',id:'960015',tag:'PROTOCOL_VIOLATION/MISSING_HEADER',tag:'WASCTC/WASC-21',tag:'OWASP_TOP_10/A7',tag:'PCI/6.5.10'"
> SecRule &REQUEST_HEADERS:Accept "@eq 0" "skipAfter:END_ACCEPT_CHECK,t:none"
> SecRule REQUEST_METHOD "!^OPTIONS$" \
> "chain,phase:2,rev:'2.0.8',t:none,msg:'Request Has an Empty Accept Header', severity:'2',id:'960021',tag:'PROTOCOL_VIOLATION/MISSING_HEADER'"
> SecRule REQUEST_HEADERS:Accept "^$" "t:none"
> SecMarker END_ACCEPT_CHECK
> SecRuleUpdateActionById 960015 "chain,pass,msg:'[PASS] Request Missing an Accept Header'"
> {code}
> As shown in the example, the _chain_ action has to be set again in the SecRuleUpdateActionById directive in order to keep the 960015 rule chained with the rest of the rules.
> I am not sure if this is a bug, but this limitation regarding chained rules is not documented.
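
A lint check for the behaviour described in this report, written as an added example that is not part of the original message or of ModSecurity: it flags SecRuleUpdateActionById directives that target a chain starter rule without repeating the chain action. The parser is a simplified assumption (double-quoted operator and action strings, plain numeric rule IDs, one configuration text), the function names are hypothetical, and the sample rules are constructed from the ones quoted above.

```python
import re

# Constructed sample, modelled on the rules quoted in the report (not a real rule set).
SAMPLE = r'''
SecRule REQUEST_METHOD "!^OPTIONS$" \
    "chain,phase:2,t:none,msg:'Request Missing an Accept Header',id:'960015'"
SecRule &REQUEST_HEADERS:Accept "@eq 0" "t:none"
SecRule REQUEST_HEADERS:Accept "^$" "phase:2,t:none,id:'960021'"
SecRuleUpdateActionById 960015 "pass,msg:'[PASS] Request Missing an Accept Header'"
SecRuleUpdateActionById 960021 "pass"
'''

QUOTED = re.compile(r'"((?:[^"\\]|\\.)*)"')
UPDATE = re.compile(r'^SecRuleUpdateActionById\s+(\d+)\s+"(.*)"\s*$')

def logical_lines(text):
    """Join backslash-continued lines; drop blank lines and comments."""
    joined = re.sub(r"\\\r?\n\s*", " ", text)
    return [l.strip() for l in joined.splitlines()
            if l.strip() and not l.strip().startswith("#")]

def parse_actions(action_string):
    """Split an action list on commas outside single quotes -> {name: value}."""
    actions = {}
    for part in re.findall(r"(?:[^,']|'[^']*')+", action_string):
        name, _, value = part.strip().partition(":")
        actions[name.lower()] = value.strip("'")
    return actions

def find_unchained_updates(text):
    """Return (rule_id, directive) for updates that omit 'chain' on a chain starter."""
    lines = logical_lines(text)
    chain_starters = set()
    for line in lines:
        quoted = QUOTED.findall(line)
        # Assumption: the last of two or more quoted strings is the action list.
        if line.split()[0] == "SecRule" and len(quoted) >= 2:
            actions = parse_actions(quoted[-1])
            if "chain" in actions and actions.get("id", "").isdigit():
                chain_starters.add(actions["id"])
    findings = []
    for line in lines:
        m = UPDATE.match(line)
        if m and m.group(1) in chain_starters and "chain" not in parse_actions(m.group(2)):
            findings.append((m.group(1), line))
    return findings

if __name__ == "__main__":
    for rule_id, directive in find_unchained_updates(SAMPLE):
        print(f"rule {rule_id}: update omits 'chain': {directive}")
```

On the sample, only the update to 960015 is reported; the update to 960021 is left alone because that rule does not start a chain.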