Menu
▾
▴
Re: [mod-security-users] JSON support was not enabled
|
From: Felipe R. <fel...@gm...> - 2019-03-27 14:05:19
|
nginx_refactoring branch is almost five years old. You're probably want v2.9.3 or master branch which is libmodsecurity (v3). On Wed, Mar 27, 2019 at 1:32 AM junaid.khan <jun...@na...> wrote: > CentOS Linux release 7.6.1810 (Core) > > NAME="CentOS Linux" > > VERSION="7 (Core)" > > ID="centos" > > ID_LIKE="rhel fedora" > > VERSION_ID="7" > > PRETTY_NAME="CentOS Linux 7 (Core)" > > ANSI_COLOR="0;31" > > CPE_NAME="cpe:/o:centos:centos:7" > > HOME_URL="https://www.centos.org/" > > BUG_REPORT_URL=https://bugs.centos.org/ > > > > *Install Nginx Modsecurity:* > > > > I install nginx through below mention link > > > https://www.thermo.io/how-to/security/installing-modsec-for-nginx-on-centos7 > > > > also used mention link to enable Jason support in modsecurity but still > facing issue > > > > > https://stackoverflow.com/questions/35202761/json-support-was-not-enabled-modsecurity > > > > *From:* Eero Volotinen [mailto:eer...@ik...] > *Sent:* Tuesday, March 26, 2019 7:19 PM > *To:* mod...@li... > *Subject:* Re: [mod-security-users] JSON support was not enabled > > > > Please specify your Linux OS version, distribution name and what package > repository is used to install nginx modsecurity module? > > > > Eero > > > > On Tue, Mar 26, 2019 at 6:39 AM junaid.khan <jun...@na...> > wrote: > > Dear Support > > > > I need to enable JSON support on mod_sec nginx kindly guide how I enable > it. > > > > > > 2019/03/19 17:28:22 [error] 5750#0: [client 10.1.1.24] ModSecurity: > Warning. Match of "within %{tx.allowed_http_versions}" against > "REQUEST_PROTOCOL" required. [file > "/usr/local/nginx/conf/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] > [line "1084"] [id "920430"] [msg "HTTP protocol version is not allowed by > policy"] [data "HTTP/1.1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.1.0"] > [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] > [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/PROTOCOL_NOT_ALLOWED"] [tag > "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.10"] [hostname ""] > [uri "/nayapay-middleware-0.0.1/app-data/get-nayapay-id"] [unique_id > "AcAcAcAcAcAYlcAcAbAcAcA2"] > > 2019/03/19 17:28:22 [error] 5750#0: [client 10.1.1.24] ModSecurity: JSON > support was not enabled [hostname ""] [uri > "/nayapay-middleware-0.0.1/app-data/get-nayapay-id"] [unique_id > "AcAcAcAcAcAYlcAcAbAcAcA2"] > > 2019/03/19 17:28:22 [error] 5750#0: [client 10.1.1.24] ModSecurity: Access > denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" > required. [file "/usr/local/nginx/conf/modsecurity.conf"] [line "60"] [id > "200002"] [msg "Failed to parse request body."] [data ""] [severity > "CRITICAL"] [hostname ""] [uri > "/nayapay-middleware-0.0.1/app-data/get-nayapay-id"] [unique_id > "AcAcAcAcAcAYlcAcAbAcAcA2"] > > ^C > > > > Regards, > > *Junaid Khan* | *System Administrator* > > +92 03018281775 | +92 21 38400633 [Ext: 5531] > > jun...@na... | www.nayapay.com > > [image: cid:image001.png@01D43481.09450210] > > > > > > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > http://www.modsecurity.org/projects/commercial/rules/ > http://www.modsecurity.org/projects/commercial/support/ > > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > http://www.modsecurity.org/projects/commercial/rules/ > http://www.modsecurity.org/projects/commercial/support/ > -- *Nenhum Sonho é grande demais.* |
