erm3nda erm3nda - 1 year ago 127
Apache Configuration Question

Syntax error on owasp rules

EDITED: My last move was to remove spaces and make some other modifications. Still no results.

I created a whitelist.conf for the modsecurity-crs rules.

I put in this simple code:

<LocationMatch "/">

The result is

httpd: Syntax error on line 420 of /usr/local/apache/conf/httpd.conf: Syntax error on line 14 of /usr/local/apache/conf.d/mod_security.conf: Syntax error on line 1 of /usr/local/apache/modsecurity-crs/activated_rules/whitelist.conf: /usr/local/apache/modsecurity-crs/activated_rules/whitelist.conf:1: was not closed.

How can it be a syntax error?
I'm really stuck with that.

Note: If I put an empty file, it does not fail and obviously does nothing.
If I put
the failure is about not detecting
opening tag.

Seems to not recognize
at all.
Examples here

I really think that the bundled (in some hosting package I won't mention) CRS did contain some mistake, because I used it without modifying it at all, so something is wrong from the start. After reading, nothing made it work, so I've simply left the hosting software providing that. I would not expect that weird behavior from an up-to-date CRS with no custom tweaking. Thanks.

Answer Source

First you have to find which rule blocked your script.

You can find the errors and rule IDs in the file "modsec_audit.log".

All requests that trigger a ModSecurity event (as detected) or a server error ("RelevantOnly") are logged into this file.

This file must be located at /usr/local/apache/logs/modsec_audit.log or /var/log/httpd/modsec_audit.log

Open the file: /usr/local/apache/modsecurity-crs/activated_rules/whitelist.conf

So, you can disable the rule for that file or files with this code:

<LocationMatch "/patchtofile">
    SecRuleRemoveById 000000
</LocationMatch>

You have to replace patchtofile with the file you got the error for in modsec_audit.log, and you need to replace 000000 with the rule ID you found in the log file. You have to do this for each file and error you found.

You can also disable the rules for a whole directory:

<LocationMatch "/patchtodir">
    SecRuleRemoveById 000000
</LocationMatch>

Replace patchtodir with the directory path and replace the rule ID too.
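
The procedure in the answer above, as an added example (not code from the question or the answer): a Python script that reads a ModSecurity 2.x serial-format audit log, collects the rule IDs logged per request path, and prints closed `<LocationMatch>` blocks for whitelist.conf. The log sample, the paths and the rule IDs 111111/222222 are constructed; anchoring each pattern with `^...$` is a choice made here so that an exclusion covers only the exact path that was logged.

```python
import re
from collections import defaultdict

# Constructed sample in ModSecurity 2.x serial audit-log layout; paths and IDs are made up.
SAMPLE_LOG = """\
--a1b2c3d4-A--
[10/Mar/2015:10:00:00 +0000] TxId0001 203.0.113.5 51000 192.0.2.10 80
--a1b2c3d4-B--
POST /app/admin/post.php?action=edit HTTP/1.1
--a1b2c3d4-H--
Message: Access denied with code 403 (phase 2). [id "222222"] [msg "constructed"]
Message: Warning. Pattern match at ARGS:content. [id "111111"] [msg "constructed"]
--a1b2c3d4-Z--
--e5f6a7b8-A--
--e5f6a7b8-B--
GET /app/broken.php HTTP/1.1
--e5f6a7b8-H--
Apache-Error: [level 3] constructed server error, logged without any rule id
--e5f6a7b8-Z--
"""

BOUNDARY = re.compile(r"^--[0-9a-f]+-([A-Z])--$")
REQUEST_LINE = re.compile(r"^[A-Z]+ (\S+) HTTP/")
RULE_ID = re.compile(r'\[id "(\d+)"\]')

def rules_by_path(log_text):
    """Map each request path (query string dropped) to the rule IDs logged for it."""
    hits, section, path = defaultdict(set), None, None
    for line in log_text.splitlines():
        m = BOUNDARY.match(line)
        if m:
            section = m.group(1)
            path = None if section == "A" else path   # section A starts a new transaction
        elif section == "B" and path is None and REQUEST_LINE.match(line):
            path = REQUEST_LINE.match(line).group(1).split("?", 1)[0]
        elif section == "H" and path and line.startswith("Message:"):
            hits[path].update(RULE_ID.findall(line))
    return hits

def whitelist_conf(hits):
    """Emit one closed, anchored <LocationMatch> block per path that has rule IDs."""
    blocks = []
    for path in sorted(p for p in hits if hits[p]):
        ids = " ".join(sorted(hits[path], key=int))
        blocks.append('<LocationMatch "^%s$">\n    SecRuleRemoveById %s\n</LocationMatch>\n'
                      % (re.escape(path), ids))
    return "\n".join(blocks)

print(whitelist_conf(rules_by_path(SAMPLE_LOG)))
```

The second transaction produces no block because it logged a server error without a rule ID, so only requests that a rule actually matched end up with an exclusion to review.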
