[mod-security-users] SecRuleRemoveByTag not working

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Hi,

we're trying to use stuff like
 SecRuleRemoveByTag "platform-apache"
to remove entirely uninteresting rules from our modsecurity configuration without actually touching the OWASP rule file.

If I create a file with a single line:
 SecRuleRemoveByTag "platform-apache"

And run modsec-rules-check against it, I get:

: t.conf  --  RemoveByTagplatform-apache
Loaded -1 rules.
   Rules error. File: t.conf. Line: 1. Column: 37. syntax error, unexpected end of file 
Test failed.

If I add a second line, with "platform-windows" for instance, I get:

: t.conf  --  RemoveByTagplatform-apache
Loaded -1 rules.
   Rules error. File: t.conf. Line: 1. Column: 57. syntax error, unexpected Operator RX (content only) 
Test failed.

There is no column 57. It's like it doesn't see the end of the lines, so it's concatenating.

Anyone else seen this?
Getting the same kind of errors when trying to load a complete config (with a line like these at the end) through nginx, or using modsecurity_rules directive in nginx.conf.

NOTE: SecRuleRemoveById works as expected in all tests and scenarios.

Wbr
/Eirik