Re: [mod-security-users] Unresolved Variable Error in Apache Logs

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Ivan.

Thank you for your response.

I've solved the problem and it was due to some php rules that were included
in the gotroot rules I downloaded. I do not use php.

I have created a custom rulset with some of the examples from the gotroot
folks, many thanks!

At this time the errors are gone and I have put mod_security into
production. I had a few malicious attempts this past weekend. These attempt=
s
are now being blocked. Before mod_security I had the hardest time doing
anything with POST URL's in apache.

Thank you.
David

On 11/13/05, Ivan Ristic <iv...@we...> wrote:
>
> David DeVault wrote:
> > Hello.
> >
> > I'm getting the following error in my apache logs.
> >
> > What I want to know is does this have something to do with my rules or
> > is there a problem somewhere else? I'm also not getting audit logs.
> >
> > [Sat Nov 12 20:13:00 2005] [error] [client 71.134.92.201<http://71.134.=
92.201>
> > <http://71.134.92.201>] mod_security: get_variable: unresolved variable
> > type 9 (internal error) [hostname "host.com <http://host.com> <
> http://host.com>"] [uri
> > "/index.html"] [unique_id "Q3a9S0B8NNQAAGMqYYM"]
> >
> > I'm using Apache 1.3 and I downloaded and compiled the latest
> > mod_security module for apache1.
>
> Hi David,
>
> I suspect "OUTPUT" is used somewhere in your ModSecurity
> configuration. This variable is only supported in the version
> for Apache 2.x but ModSecurity does not complain if an attempt
> to use "OUTPUT" with Apache 1.x is made. (At least not at the
> moment; I'll add the check to one of the future releases.)
>
> If you find it simply comment out the rules - they are not
> doing anything for Apache 1.3.x anyway.
>
> --
> Ivan Ristic
> Apache Security (O'Reilly) - http://www.apachesecurity.net
> Open source web application firewall - http://www.modsecurity.org
>