Re: [mod-security-users] SecRuleRemoveByTag not working
From: Christian F. <chr...@ne...> - 2018-03-28 20:41:34
Hey, hey,

On Wed, Mar 28, 2018 at 10:26:05PM +0200, Eirik Øverby - ModSecurity wrote:
> Hi there,
>
> > Hmm. That is odd. It works for me:
> >
> > $> echo 'SecRuleRemoveByTag "platform-apache"' > /tmp/rule.conf
> > $> /usr/src/modsecurity/modsecurity-v3.0.0/tools/rules-check/modsec-rules-check /tmp/rule.conf
> > : /tmp/rule.conf -- Loaded 0 rules.
> > Test ok.
>
> Which version and OS is this?

$> cat /etc/issue
Ubuntu 16.04.4 LTS \n \l

$> uname -a
Linux anastasia 4.13.0-37-generic #42~16.04.1-Ubuntu SMP Wed Mar 7 16:03:28 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux

$> ldd /usr/src/modsecurity/modsecurity-v3.0.0/tools/rules-check/modsec-rules-check
linux-vdso.so.1 => (0x00007fffad7b2000)
libcurl-gnutls.so.4 => /usr/lib/x86_64-linux-gnu/libcurl-gnutls.so.4 (0x00007f2adaddf000)
libGeoIP.so.1 => /usr/lib/x86_64-linux-gnu/libGeoIP.so.1 (0x00007f2adabae000)
libpcre.so.1 => /usr/local/pcre/lib/libpcre.so.1 (0x00007f2ada990000)
libyajl.so.2 => /usr/lib/x86_64-linux-gnu/libyajl.so.2 (0x00007f2ada785000)
libxml2.so.2 => /usr/lib/x86_64-linux-gnu/libxml2.so.2 (0x00007f2ada3ca000)
librt.so.1 => /lib/x86_64-linux-gnu/librt.so.1 (0x00007f2ada1c2000)
libstdc++.so.6 => /usr/lib/x86_64-linux-gnu/libstdc++.so.6 (0x00007f2ad9e40000)
libm.so.6 => /lib/x86_64-linux-gnu/libm.so.6 (0x00007f2ad9b37000)
libgcc_s.so.1 => /lib/x86_64-linux-gnu/libgcc_s.so.1 (0x00007f2ad9921000)
libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 (0x00007f2ad9704000)
libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f2ad933a000)
libidn.so.11 => /usr/lib/x86_64-linux-gnu/libidn.so.11 (0x00007f2ad9107000)
librtmp.so.1 => /usr/lib/x86_64-linux-gnu/librtmp.so.1 (0x00007f2ad8eeb000)
libnettle.so.6 => /usr/lib/x86_64-linux-gnu/libnettle.so.6 (0x00007f2ad8cb5000)
libgnutls.so.30 => /usr/lib/x86_64-linux-gnu/libgnutls.so.30 (0x00007f2ad8985000)
libgssapi_krb5.so.2 => /usr/lib/x86_64-linux-gnu/libgssapi_krb5.so.2 (0x00007f2ad873b000)
liblber-2.4.so.2 => /usr/lib/x86_64-linux-gnu/liblber-2.4.so.2 (0x00007f2ad852c000)
libldap_r-2.4.so.2 => /usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2 (0x00007f2ad82db000)
libz.so.1 => /lib/x86_64-linux-gnu/libz.so.1 (0x00007f2ad80c1000)
libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007f2ad7ebd000)
libicuuc.so.55 => /usr/lib/x86_64-linux-gnu/libicuuc.so.55 (0x00007f2ad7b29000)
liblzma.so.5 => /lib/x86_64-linux-gnu/liblzma.so.5 (0x00007f2ad7907000)
/lib64/ld-linux-x86-64.so.2 (0x00007f2adb04c000)
libhogweed.so.4 => /usr/lib/x86_64-linux-gnu/libhogweed.so.4 (0x00007f2ad76d4000)
libgmp.so.10 => /usr/lib/x86_64-linux-gnu/libgmp.so.10 (0x00007f2ad7454000)
libp11-kit.so.0 => /usr/lib/x86_64-linux-gnu/libp11-kit.so.0 (0x00007f2ad71f0000)
libtasn1.so.6 => /usr/lib/x86_64-linux-gnu/libtasn1.so.6 (0x00007f2ad6fdd000)
libkrb5.so.3 => /usr/lib/x86_64-linux-gnu/libkrb5.so.3 (0x00007f2ad6d0b000)
libk5crypto.so.3 => /usr/lib/x86_64-linux-gnu/libk5crypto.so.3 (0x00007f2ad6adc000)
libcom_err.so.2 => /lib/x86_64-linux-gnu/libcom_err.so.2 (0x00007f2ad68d8000)
libkrb5support.so.0 => /usr/lib/x86_64-linux-gnu/libkrb5support.so.0 (0x00007f2ad66cd000)
libresolv.so.2 => /lib/x86_64-linux-gnu/libresolv.so.2 (0x00007f2ad64b2000)
libsasl2.so.2 => /usr/lib/x86_64-linux-gnu/libsasl2.so.2 (0x00007f2ad6297000)
libgssapi.so.3 => /usr/lib/x86_64-linux-gnu/libgssapi.so.3 (0x00007f2ad6056000)
libicudata.so.55 => /usr/lib/x86_64-linux-gnu/libicudata.so.55 (0x00007f2ad459f000)
libffi.so.6 => /usr/lib/x86_64-linux-gnu/libffi.so.6 (0x00007f2ad4397000)
libkeyutils.so.1 => /lib/x86_64-linux-gnu/libkeyutils.so.1 (0x00007f2ad4193000)
libheimntlm.so.0 => /usr/lib/x86_64-linux-gnu/libheimntlm.so.0 (0x00007f2ad3f8a000)
libkrb5.so.26 => /usr/lib/x86_64-linux-gnu/libkrb5.so.26 (0x00007f2ad3d00000)
libasn1.so.8 => /usr/lib/x86_64-linux-gnu/libasn1.so.8 (0x00007f2ad3a5e000)
libhcrypto.so.4 => /usr/lib/x86_64-linux-gnu/libhcrypto.so.4 (0x00007f2ad382b000)
libroken.so.18 => /usr/lib/x86_64-linux-gnu/libroken.so.18 (0x00007f2ad3615000)
libwind.so.0 => /usr/lib/x86_64-linux-gnu/libwind.so.0 (0x00007f2ad33ec000)
libheimbase.so.1 => /usr/lib/x86_64-linux-gnu/libheimbase.so.1 (0x00007f2ad31dd000)
libhx509.so.5 => /usr/lib/x86_64-linux-gnu/libhx509.so.5 (0x00007f2ad2f92000)
libsqlite3.so.0 => /usr/lib/x86_64-linux-gnu/libsqlite3.so.0 (0x00007f2ad2cbd000)
libcrypt.so.1 => /lib/x86_64-linux-gnu/libcrypt.so.1 (0x00007f2ad2a85000)

(Lines moved to the left to fit on the line in most cases).

> > ModSecurity has a tendency to make mistakes when it counts numbers and
> > lines. I usually tweak around a dozen times until I am sure what
> > line/column it is complaining about.
>
> Yeah but comparing the first and second tests it seems pretty clear (EOF
> error) it's not actually even trying to parse the rule, it simply doesn't
> see the end of it.

Agree.

> OK, I've only tried excluding individual rules, showing that the general
> idea works. The tag variant doesn't seem to work at all - not even if I
> enable one from the OWASP example files.

I just checked again. SecRuleRemoveByTag works for me. I think you need
to dig down into your problem and if you find it's a bug, then issue a
bug report.

Ahoj,

Christian

>
> /Eirik
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most engaging
> tech sites, Slashdot.org! http://sdm.link/slashdot
> _______________________________________________
> mod-security-users mailing list
> mod...@li...
> https://lists.sourceforge.net/lists/listinfo/mod-security-users
> Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs:
> http://www.modsecurity.org/projects/commercial/rules/
> http://www.modsecurity.org/projects/commercial/support/

--
https://www.feistyduck.com/training/modsecurity-training-course
https://www.feistyduck.com/books/modsecurity-handbook/
mailto:chr...@ne...
twitter: @ChrFolini