我刚刚将我的服务器从 14.04 更新到 16.04 LTS,一切都正常,除了 apache2 由于语法错误而开始失败modsecurity。
如果我禁用该规则:
Oct 09 14:46:04 apache2[8487]: AH00526: Syntax error on line 118 of /usr/share/modsecurity-crs/activated_rules...
它将继续违反其他不同的规则,我不确定为什么会发生这种情况,以前它运行良好。
以下是完整日志:
Oct 09 14:46:03 apache2[8487]: * Starting Apache httpd web server apache2
Oct 09 14:46:04 apache2[8487]: *
Oct 09 14:46:04 apache2[8487]: * The apache2 configtest failed.
Oct 09 14:46:04 apache2[8487]: Output of config test was:
Oct 09 14:46:04 apache2[8487]: AH00526: Syntax error on line 118 of /usr/share/modsecurity-crs/activated_rules/modsecurity_crs_20_protocol_violations.conf:
Oct 09 14:46:04 apache2[8487]: ModSecurity: Execution phases can only be specified by chain starter rules.
Oct 09 14:46:04 apache2[8487]: Action 'configtest' failed.
Oct 09 14:46:04 apache2[8487]: The Apache error log may have more information.
Oct 09 14:46:04 systemd[1]: apache2.service: Control process exited, code=exited status=1
Oct 09 14:46:04 systemd[1]: Failed to start LSB: Apache2 web server.
以下是该文件中的 118 行:
SecRule FILES_NAMES|FILES "['\";=]" \
"msg:'Attempted multipart/form-data bypass', \
severity:'2', \
id:'960000', \
ver:'OWASP_CRS/2.2.9', \
rev:'1', \
maturity:'9', \
accuracy:'7', \
logdata:'%{matched_var}', \
phase:2, \
block, \
t:none,t:urlDecodeUni, \
114 tag:'OWASP_CRS/PROTOCOL_VIOLATION/INVALID_REQ', \
115 tag:'CAPEC-272', \
116 setvar:'tx.msg=%{rule.msg}', \
117 setvar:tx.anomaly_score=+%{tx.critical_anomaly_score}, \
118 setvar:'tx.%{rule.id}-OWASP_CRS/PROTOCOL_VIOLATION/INVALID_REQ-%{matched_var_name}=%{matched_var}'"
编辑:
如果我禁用出现错误的规则,它将继续在其他规则上失败,AH00526: Syntax error on line 192 of ...并且每次都会显示:
ModSecurity: Execution phases can only be specified by chain starter rules.
每次遇到下面这一行就会失败:
setvar:'tx.%{rule.id}-OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ-%{matched_var_name}=%{matched_var}'"
知道如何解决这个问题吗?