[Owasp-modsecurity-core-rule-set] setvar:'tx.allowed_methods Problem

[email protected] Wed, 09 Nov 2011 01:35:39 -0800

Hi to all,

I need a little help here. I want to use an newer rule set to my mod_security 
installations, but it looks like the variables form 
modsecurity_crs_10_config.conf are not propagated to the 
modsecurity_crs_30_http_policy.conf.


I have downloaded an installed the latest version of OWASP ModSecurity Core 
Rule Set Project ("core ruleset/2.2.3") and 
mod_security is version 2.5.11

vhost error.log 

ModSecurity: Access denied with code 403 (phase 2). Match of "within 
%{tx.allowed_methods}" against "REQUEST_METHOD" required. [file 
"/etc/modsecurity/activated_rules/modsecurity_crs_30_http_policy.conf"] [line 
"31"] [id "960032"] [msg "Method is not allowed by policy"] [data "GET"] 
[severity "CRITICAL"] [tag "POLICY/METHOD_NOT_ALLOWED"] [tag "WASCTC/WASC-15"] 
[tag "OWASP_TOP_10/A6"] [tag "OWASP_AppSensor/RE1"] [tag "PCI/12.1"] [hostname 
"projekt.standard-sho


modsecurity_crs_10_config.conf:

#
# -=[ HTTP Policy Settings ]=-
#
# Set the following policy settings here and they will be propagated to the 30 
rules
# file (modsecurity_crs_30_http_policy.conf) by using macro expansion.  
# If you run into false positves, you can adjust the settings here.
#
SecAction "phase:1,id:'981212',t:none,nolog,pass, \
setvar:'tx.allowed_methods=GET HEAD POST OPTIONS', \
setvar:'tx.allowed_request_content_type=application/x-www-form-urlencoded 
multipart/form-data text/xml application/xml application/x-amf', \
setvar:'tx.allowed_http_versions=HTTP/0.9 HTTP/1.0 HTTP/1.1', \
setvar:'tx.restricted_extensions=.asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ 
.cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ 
.dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ 
.log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ 
.sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/', \
setvar:'tx.restricted_headers=/Proxy-Connection/ /Lock-Token/ /Content-Range/ 
/Translate/ /via/ /if/'"

modsecurity_crs_30_http_policy.conf:

SecRule REQUEST_PROTOCOL "!@within %{tx.allowed_http_versions}" 
"phase:2,t:none,block,msg:'HTTP protocol version is not allowed by policy', 
severity:'2',id:'960034',tag:'POLICY/PROTOCOL_NOT_ALLOWED',tag:'WASCTC/WASC-21',tag:'OWASP_TOP_10/A6',tag:'PCI/6.5.10',logdata:'%{matched_var}',setvar:'tx.msg=%{rule.msg}',setvar:tx.anomaly_score=+%{tx.warning_anomaly_score},setvar:tx.policy_score=+%{tx.warning_anomaly_score},setvar:tx.%{rule.id}-POLICY/PROTOCOL_NOT_ALLOWED-%{matched_var_name}=%{matched_var}"
 

Any hints?
Greets,
Christian
_______________________________________________
Owasp-modsecurity-core-rule-set mailing list
[email protected]
https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set

[Owasp-modsecurity-core-rule-set] setvar:'tx.allowed_methods Problem

Reply via email to