Re: [mod-security-users] SecRuleRemoveByTag not working
From: Christian F. <chr...@ne...> - 2018-03-28 19:08:16
Hello Eirik,

On Wed, Mar 28, 2018 at 08:13:40PM +0200, Eirik Øverby - ModSecurity wrote:
> If I create a file with a single line:
> SecRuleRemoveByTag "platform-apache"
>
> And run modsec-rules-check against it, I get:
>
> : t.conf -- RemoveByTagplatform-apache
> Loaded -1 rules.
> Rules error. File: t.conf. Line: 1. Column: 37. syntax error, unexpected end of file
> Test failed.

Hmm. That is odd. It works for me:

$> echo 'SecRuleRemoveByTag "platform-apache"' > /tmp/rule.conf
$> /usr/src/modsecurity/modsecurity-v3.0.0/tools/rules-check/modsec-rules-check /tmp/rule.conf
: /tmp/rule.conf -- Loaded 0 rules.
Test ok.

> : t.conf -- RemoveByTagplatform-apache
> Loaded -1 rules.
> Rules error. File: t.conf. Line: 1. Column: 57. syntax error, unexpected Operator RX (content only)
> Test failed.
>
> There is no column 57. It's like it doesn't see the end of the lines, so it's concatenating.

ModSecurity has a tendency to make mistakes when it counts numbers and
lines. I usually tweak around a dozen times until I am sure what
line/column it is complaining about.

> NOTE: SecRuleRemoveById works as expected in all tests and scenarios.

Unfortunately, it does not. Here is my take on SecRuleRemoveById:

# works
SecRuleRemoveById 930120
SecRuleRemoveById 932160
SecRuleRemoveById 930120-932160
SecRuleRemoveById 1-932160

# fails to work properly
SecRuleRemoveById 930120,932160

# fails with parsing error
SecRuleRemoveById 99-932160

The latter is really odd, I think.

Ahoj,

Christian

--
If it could be proved that two plus two is five, then it could be
proved that five is not five, and then there would be no claim that
could not be proved, and math would be a lot of bunk.
-- George Boolos