I have upgraded CRS on our server from 2.1.2 to 2.2.2. I get an error starting
Apache server unless I comment out the following rule in
base_rules/modsecurity_crs_20_protocol_violations.conf:
SecRule REQBODY_ERROR "!@eq 0" \
"phase:2,t:none,block,msg:'Failed to parse request
body.',id:'960912',logdata:'%{reqbody_error_msg}',severity:2,
setvar:'tx.msg=%{rule.msg}',setvar:'tx.id=%{rule.id}',tag:'RULE_MATURITY/7',tag:'RULE_ACCURACY/8',tag:'https://www.owasp
.org/index.php/ModSecurity_CRS_RuleID-%{tx.id}',setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.protocol
_violation_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-PROTOCOL_VIOLATION/INVALID_REQ-%{matched_var_name}=%
{matched_var}"
Error message:
Starting httpd: Syntax error on line 91 of
/etc/httpd/modsecurity.d/base_rules/modsecurity_crs_20_protocol_violations.conf:
Error creating rule: Unknown variable: REQBODY_ERROR
Did I miss something in the installation instructions?
Anna Chulaki
_______________________________________________
Owasp-modsecurity-core-rule-set mailing list
[email protected]
https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
