[ https://www.modsecurity.org/tracker/browse/MODSEC-202?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Ryan Barnett closed MODSEC-202.
-------------------------------
Resolution: Won't Fix
As you stated, the Apache document may be a bit confusing but ModSecurity is handling it in the correct way. We will try to also update our Reference Manual concerning rules processing and Apache Scope locations.
> Order of execution not following Apache rules
> ---------------------------------------------
>
> Key: MODSEC-202
> URL: https://www.modsecurity.org/tracker/browse/MODSEC-202
> Project: ModSecurity
> Issue Type: Bug
> Security Level: Normal
> Components: Core
> Affects Versions: 2.5.13
> Reporter: Marc Stern
> Assignee: Breno Silva Pinto
>
> SecAction "phase:2,pass,msg:'* global (1)'"
> <Location /test/test.html>
> SecAction "phase:2,pass,msg:'* /test/html (1)'"
> </Location>
> <Location /test>
> SecAction "phase:2,pass,msg:'* /test'"
> </Location>
> <Location /test/test.html>
> SecAction "phase:2,pass,msg:'* /test/html (2)'"
> </Location>
> SecAction "phase:2,pass,msg:'* global (2)'"
> Following Apache rules (http://httpd.apache.org/docs/2.2/sections.html#mergin), the order of execution should be
> global (1)
> global (2)
> /test
> /test/html (1)
> /test/html (2)
> However, the result is
> Unconditional match in SecAction. [msg "* global (1)"]
> Unconditional match in SecAction. [msg "* global (2)"]
> Unconditional match in SecAction. [msg "* /test/html (1)"]
> Unconditional match in SecAction. [msg "* /test"]
> Unconditional match in SecAction. [msg "* /test/html (2)"]
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://www.modsecurity.org/tracker/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
|
