From: junaid.khan <jun...@na...> - 2019-03-27 04:20:17
I added the line mentioned in yellow to the modsec conf file, and when I restart the nginx service it gives an error against the modsec line called in the nginx file.

Mod sec file conf:

    # -- Audit log configuration -------------------------------------------------
    # Log the transactions that are marked by a rule, as well as those that
    # trigger a server error (determined by a 5xx or 4xx, excluding 404,
    # level response status codes).
    #
    SecAuditLogFormat JSON
    SecAuditEngine RelevantOnly
    SecAuditLogRelevantStatus "^(?:5|4(?!04))"

Error Message:

    [root@ny-middleware-fwd ~]# systemctl restart nginx
    Job for nginx.service failed because the control process exited with error code. See "systemctl status nginx.service" and "journalctl -xe" for details.
    [root@ny-middleware-fwd ~]# systemctl status nginx.service
    ● nginx.service - The NGINX HTTP and reverse proxy server
       Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; vendor preset: disabled)
       Active: failed (Result: exit-code) since Wed 2019-03-27 14:18:52 PKT; 4s ago
      Process: 501 ExecStop=/bin/kill -s QUIT (code=exited, status=1/FAILURE)
      Process: 331 ExecStart=/usr/local/nginx/sbin/nginx (code=exited, status=0/SUCCESS)
      Process: 506 ExecStartPre=/usr/local/nginx/sbin/nginx -t (code=exited, status=1/FAILURE)
     Main PID: 333 (code=exited, status=0/SUCCESS)

    Mar 27 14:18:52 ny-middleware-fwd systemd[1]: Stopped The NGINX HTTP and reverse proxy server.
    Mar 27 14:18:52 ny-middleware-fwd systemd[1]: Unit nginx.service entered failed state.
    Mar 27 14:18:52 ny-middleware-fwd systemd[1]: nginx.service failed.
    Mar 27 14:18:52 ny-middleware-fwd systemd[1]: Starting The NGINX HTTP and reverse proxy server...
    Mar 27 14:18:52 ny-middleware-fwd nginx[506]: nginx: [emerg] ModSecurityConfig in /usr/local/nginx/conf/nginx.conf:50: Unknown...Format
    Mar 27 14:18:52 ny-middleware-fwd nginx[506]: nginx: configuration file /usr/local/nginx/conf/nginx.conf test failed
    Mar 27 14:18:52 ny-middleware-fwd systemd[1]: nginx.service: control process exited, code=exited status=1
    Mar 27 14:18:52 ny-middleware-fwd systemd[1]: Failed to start The NGINX HTTP and reverse proxy server.
    Mar 27 14:18:52 ny-middleware-fwd systemd[1]: Unit nginx.service entered failed state.
    Mar 27 14:18:52 ny-middleware-fwd systemd[1]: nginx.service failed.

From: Christian Varas [mailto:cv...@it...]
Sent: Tuesday, March 26, 2019 6:23 PM
To: mod...@li...
Subject: Re: [mod-security-users] JSON support was not enabled

In your modsec conf, append the line in yellow. If you already have this line and it is not working, maybe it is because modsec was not compiled with JSON support.

    SecDebugLogLevel 3

    # -- Audit log configuration -------------------------------------------------
    # Log the transactions that are marked by a rule, as well as those that
    # trigger a server error (determined by a 5xx or 4xx, excluding 404,
    # level response status codes).
    #
    SecAuditLogDirMode 1733
    SecAuditLogFileMode 0550
    SecAuditLogFormat JSON
    SecAuditEngine RelevantOnly
    SecAuditLogRelevantStatus "^(?:5|4)"

    # Log everything we know about a transaction.
    SecAuditLogParts ABCHIZ

Cheers.

On Tue, Mar 26, 2019, 01:39, junaid.khan <jun...@na...> wrote:

Dear Support,

I need to enable JSON support on mod_sec nginx. Kindly guide me on how to enable it.

    2019/03/19 17:28:22 [error] 5750#0: [client 10.1.1.24] ModSecurity: Warning. Match of "within %{tx.allowed_http_versions}" against "REQUEST_PROTOCOL" required. [file "/usr/local/nginx/conf/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1084"] [id "920430"] [msg "HTTP protocol version is not allowed by policy"] [data "HTTP/1.1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.1.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/PROTOCOL_NOT_ALLOWED"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.10"] [hostname ""] [uri "/nayapay-middleware-0.0.1/app-data/get-nayapay-id"] [unique_id "AcAcAcAcAcAYlcAcAbAcAcA2"]
    2019/03/19 17:28:22 [error] 5750#0: [client 10.1.1.24] ModSecurity: JSON support was not enabled [hostname ""] [uri "/nayapay-middleware-0.0.1/app-data/get-nayapay-id"] [unique_id "AcAcAcAcAcAYlcAcAbAcAcA2"]
    2019/03/19 17:28:22 [error] 5750#0: [client 10.1.1.24] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/usr/local/nginx/conf/modsecurity.conf"] [line "60"] [id "200002"] [msg "Failed to parse request body."] [data ""] [severity "CRITICAL"] [hostname ""] [uri "/nayapay-middleware-0.0.1/app-data/get-nayapay-id"] [unique_id "AcAcAcAcAcAYlcAcAbAcAcA2"]
    ^C

Regards,
Junaid Khan | System Administrator
+92 03018281775 | +92 21 38400633 [Ext: 5531]
jun...@na... | www.nayapay.com

_______________________________________________
mod-security-users mailing list
mod...@li...
https://lists.sourceforge.net/lists/listinfo/mod-security-users
Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs:
http://www.modsecurity.org/projects/commercial/rules/
http://www.modsecurity.org/projects/commercial/support/
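Added example, not part of the original thread or of ModSecurity itself: a small parser for the nginx error-log lines quoted above that groups entries by unique_id and reports transactions where the rule 200002 denial appears together with "JSON support was not enabled", which separates them from 200002 denials logged for other reasons. The function names are hypothetical, and the fourth sample line is constructed for contrast.

```python
import re
from collections import defaultdict

# Lines 1-3 come from the thread above (most tag fields trimmed); line 4 is constructed.
SAMPLE_LOG = """
2019/03/19 17:28:22 [error] 5750#0: [client 10.1.1.24] ModSecurity: Warning. Match of "within %{tx.allowed_http_versions}" against "REQUEST_PROTOCOL" required. [file "/usr/local/nginx/conf/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1084"] [id "920430"] [msg "HTTP protocol version is not allowed by policy"] [data "HTTP/1.1"] [severity "CRITICAL"] [tag "attack-protocol"] [hostname ""] [uri "/nayapay-middleware-0.0.1/app-data/get-nayapay-id"] [unique_id "AcAcAcAcAcAYlcAcAbAcAcA2"]
2019/03/19 17:28:22 [error] 5750#0: [client 10.1.1.24] ModSecurity: JSON support was not enabled [hostname ""] [uri "/nayapay-middleware-0.0.1/app-data/get-nayapay-id"] [unique_id "AcAcAcAcAcAYlcAcAbAcAcA2"]
2019/03/19 17:28:22 [error] 5750#0: [client 10.1.1.24] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/usr/local/nginx/conf/modsecurity.conf"] [line "60"] [id "200002"] [msg "Failed to parse request body."] [data ""] [severity "CRITICAL"] [hostname ""] [uri "/nayapay-middleware-0.0.1/app-data/get-nayapay-id"] [unique_id "AcAcAcAcAcAYlcAcAbAcAcA2"]
2019/03/19 17:29:05 [error] 5750#0: [client 10.1.1.25] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/usr/local/nginx/conf/modsecurity.conf"] [line "60"] [id "200002"] [msg "Failed to parse request body."] [data ""] [severity "CRITICAL"] [hostname ""] [uri "/constructed/path"] [unique_id "CONSTRUCTED0000000000001"]
"""

HEAD = re.compile(r'^(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \[\w+\] \S+ '
                  r'\[client (?P<client>[^\]]+)\] ModSecurity: (?P<text>.*)$')
FIELD = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')
NO_JSON = "JSON support was not enabled"


def parse_line(line):
    """Split one ModSecurity error-log line into a dict, or return None."""
    m = HEAD.match(line.strip())
    if not m:
        return None
    rec = {"ts": m["ts"], "client": m["client"], "tags": []}
    text = m["text"]
    first = FIELD.search(text)
    # Free text before the first [key "value"] field is the engine message.
    rec["message"] = (text[:first.start()] if first else text).strip()
    for key, value in FIELD.findall(text):
        if key == "tag":
            rec["tags"].append(value)
        else:
            rec[key] = value
    return rec


def json_support_denials(log_text):
    """Return transactions where a 200002 denial shares a unique_id with NO_JSON."""
    by_txn = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and "unique_id" in rec:
            by_txn[rec["unique_id"]].append(rec)
    hits = []
    for uid, recs in by_txn.items():
        denied = [r for r in recs if r.get("id") == "200002"]
        if denied and any(r["message"] == NO_JSON for r in recs):
            others = sorted(r["id"] for r in recs if r.get("id", "200002") != "200002")
            hits.append({"unique_id": uid, "uri": denied[0]["uri"],
                         "client": denied[0]["client"], "other_rule_ids": others})
    return hits


if __name__ == "__main__":
    for hit in json_support_denials(SAMPLE_LOG):
        print(hit)
```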