Menu
▾
▴
Re: [mod-security-users] JSON support was not enabled
|
From: junaid.khan <jun...@na...> - 2019-03-27 04:26:04
|
CentOS Linux release 7.6.1810 (Core) NAME="CentOS Linux" VERSION="7 (Core)" ID="centos" ID_LIKE="rhel fedora" VERSION_ID="7" PRETTY_NAME="CentOS Linux 7 (Core)" ANSI_COLOR="0;31" CPE_NAME="cpe:/o:centos:centos:7" HOME_URL="https://www.centos.org/" BUG_REPORT_URL=https://bugs.centos.org/ Install Nginx Modsecurity: I install nginx through below mention link https://www.thermo.io/how-to/security/installing-modsec-for-nginx-on-centos7 also used mention link to enable Jason support in modsecurity but still facing issue https://stackoverflow.com/questions/35202761/json-support-was-not-enabled-modsecurity From: Eero Volotinen [mailto:eer...@ik...] Sent: Tuesday, March 26, 2019 7:19 PM To: mod...@li... Subject: Re: [mod-security-users] JSON support was not enabled Please specify your Linux OS version, distribution name and what package repository is used to install nginx modsecurity module? Eero On Tue, Mar 26, 2019 at 6:39 AM junaid.khan <jun...@na... <mailto:jun...@na...> > wrote: Dear Support I need to enable JSON support on mod_sec nginx kindly guide how I enable it. 2019/03/19 17:28:22 [error] 5750#0: [client 10.1.1.24] ModSecurity: Warning. Match of "within %{tx.allowed_http_versions}" against "REQUEST_PROTOCOL" required. [file "/usr/local/nginx/conf/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1084"] [id "920430"] [msg "HTTP protocol version is not allowed by policy"] [data "HTTP/1.1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.1.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/PROTOCOL_NOT_ALLOWED"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.10"] [hostname ""] [uri "/nayapay-middleware-0.0.1/app-data/get-nayapay-id"] [unique_id "AcAcAcAcAcAYlcAcAbAcAcA2"] 2019/03/19 17:28:22 [error] 5750#0: [client 10.1.1.24] ModSecurity: JSON support was not enabled [hostname ""] [uri "/nayapay-middleware-0.0.1/app-data/get-nayapay-id"] [unique_id "AcAcAcAcAcAYlcAcAbAcAcA2"] 2019/03/19 17:28:22 [error] 5750#0: [client 10.1.1.24] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/usr/local/nginx/conf/modsecurity.conf"] [line "60"] [id "200002"] [msg "Failed to parse request body."] [data ""] [severity "CRITICAL"] [hostname ""] [uri "/nayapay-middleware-0.0.1/app-data/get-nayapay-id"] [unique_id "AcAcAcAcAcAYlcAcAbAcAcA2"] ^C Regards, Junaid Khan | System Administrator +92 03018281775 | +92 21 38400633 [Ext: 5531] jun...@na... <mailto:jun...@na...> | <http://www.nayapay.com/> www.nayapay.com _______________________________________________ mod-security-users mailing list mod...@li... <mailto:mod...@li...> https://lists.sourceforge.net/lists/listinfo/mod-security-users Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: http://www.modsecurity.org/projects/commercial/rules/ http://www.modsecurity.org/projects/commercial/support/ |
