Hi guys.
N00b here. Trying to tweak the rules, so they work with our applications here.
Current obstacle is:
Message: JSON support was not enabled
Message: Access denied with code 400 (phase 2). Match of "eq 0" against
"REQBODY_ERROR" required. [file "/usr/local/nginx/conf/modsecurity.conf"] [line
"82"] [id "200002"] [msg "Failed to parse request body."] [data ""] [severity
"CRITICAL”]
The Content-Type is "application/json-rpc” so I added the following:
SecRule REQUEST_HEADERS:Content-Type "application/json-rpc" \
"id:'44441',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=JSON”
Which didn’t help me. The reference manual doesn’t say much about adding
support for JSON. Can you help out?
Thanks-
Regards
Søren Christian Aarup
DBA/System Administrator
LinkedIn: www.linkedin.com/in/aarup<http://www.linkedin.com/in/aarup>
[DIBS - Payments made easy]<http://www.dibs.dk/>
_______________________________________________
Owasp-modsecurity-core-rule-set mailing list
[email protected]
https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
