为什么我的 apache2 在 Ubuntu 16.04 上失败?

为什么我的 apache2 在 Ubuntu 16.04 上失败?

我刚刚将我的服务器从 14.04 更新到 16.04 LTS,一切都正常,除了 apache2 由于语法错误而开始失败modsecurity

如果我禁用该规则:

Oct 09 14:46:04  apache2[8487]: AH00526: Syntax error on line 118 of /usr/share/modsecurity-crs/activated_rules...

它将继续违反其他不同的规则,我不确定为什么会发生这种情况,以前它运行良好。

以下是完整日志:

Oct 09 14:46:03  apache2[8487]:  * Starting Apache httpd web server apache2
Oct 09 14:46:04  apache2[8487]:  *
Oct 09 14:46:04  apache2[8487]:  * The apache2 configtest failed.
Oct 09 14:46:04  apache2[8487]: Output of config test was:
Oct 09 14:46:04  apache2[8487]: AH00526: Syntax error on line 118 of /usr/share/modsecurity-crs/activated_rules/modsecurity_crs_20_protocol_violations.conf:

Oct 09 14:46:04  apache2[8487]: ModSecurity: Execution phases can only be specified by chain starter rules.
Oct 09 14:46:04  apache2[8487]: Action 'configtest' failed.
Oct 09 14:46:04  apache2[8487]: The Apache error log may have more information.
Oct 09 14:46:04  systemd[1]: apache2.service: Control process exited, code=exited status=1
Oct 09 14:46:04  systemd[1]: Failed to start LSB: Apache2 web server.

以下是该文件中的 118 行:

SecRule FILES_NAMES|FILES "['\";=]" \
  "msg:'Attempted multipart/form-data bypass', \
  severity:'2', \
  id:'960000', \
  ver:'OWASP_CRS/2.2.9', \
  rev:'1', \
  maturity:'9', \
  accuracy:'7', \
  logdata:'%{matched_var}', \
  phase:2, \
  block, \
  t:none,t:urlDecodeUni, \
  114 tag:'OWASP_CRS/PROTOCOL_VIOLATION/INVALID_REQ', \
  115 tag:'CAPEC-272', \
  116 setvar:'tx.msg=%{rule.msg}', \
  117 setvar:tx.anomaly_score=+%{tx.critical_anomaly_score}, \

  118 setvar:'tx.%{rule.id}-OWASP_CRS/PROTOCOL_VIOLATION/INVALID_REQ-%{matched_var_name}=%{matched_var}'"

编辑:

如果我禁用出现错误的规则,它将继续在其他规则上失败,AH00526: Syntax error on line 192 of ...并且每次都会显示:

ModSecurity: Execution phases can only be specified by chain starter rules.

每次遇到下面这一行就会失败:

  setvar:'tx.%{rule.id}-OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ-%{matched_var_name}=%{matched_var}'"

知道如何解决这个问题吗?

相关内容