Re: [mod-security-users] ruleRemoveTargetById segmentation fault
Brought to you by:
victorhora,
zimmerletw
From: Breno S. <bre...@gm...> - 2012-10-22 12:28:05
|
Looks like you are using a wrong separator ":" between the ID and the TARGET list -> 981319 [:] ARGS:passwordfield You must use ";" Try this: SecRule REQUEST_FILENAME "@streq /login" "phase:1,t:none,nolog,pass, > > ctl:ruleRemoveTargetById=981319;ARGS:passwordfield,id:'10000'" Thanks Breno On Mon, Oct 22, 2012 at 6:51 AM, Kristof Baute <kb...@re...> wrote: > > Hi, > > I am trying to add a CRS exception for a password field. So I have added > the following rule: > > SecRule REQUEST_FILENAME "@streq /login" > "phase:1,t:none,nolog,pass,ctl:ruleRemoveTargetById=981319:ARGS:passwordfield,id:'10000'" > > But when I connect to the login page, I get a connection reset and the > following in the apache error log: > [Mon Oct 22 13:44:36 2012] [notice] child pid 18638 exit signal > Segmentation fault (11) > > Apache = 2.2.14 > OS = Ubuntu 12.04 > Modsecurity = 2.7.0 > > Regards, > > Kristof > > > ------------------------------------------------------------------------------ > Everyone hates slow websites. So do we. > Make your web apps faster with AppDynamics > Download AppDynamics Lite for free today: > http://p.sf.net/sfu/appdyn_sfd2d_oct > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > http://www.modsecurity.org/projects/commercial/rules/ > http://www.modsecurity.org/projects/commercial/support/ > |