Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
Unable to remove rule 960012 with SecRuleRemoveById
See original GitHub issue_Issue originally created by user level420 on date 2013-11-12 16:51:05. Link to original issue: https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/156._
I’m trying create a setup for a subversion dav over http server. I’ve successfully managed to enable the needed content-type ‘application/vnd.svn*’ and the request methods like PROPFIND etc.
While trying to commit to the repositories which are served via the above setup, I’m getting a rule violation against rule id “960012” in modsecurity_crs_20_protocol_violations.conf, line 312, which is caused by the javahl svn client of eclipse.
I’ve tried to disable the rule via
<LocationMatch /* >
<IfModule mod_security2.c>
SecRuleRemoveById 960012
</IfModule>
</LocationMatch>
with no success.
I’ve seen in line 312 of modsecurity_crs_20_protocol_violations.conf that rule id 960012 has a chained rule which has no rule id.
Would I need to also disable the chained rule, which of course, I can’t do because of the missing rule id?
Is this a bug or a newbies common mistake?
Regards Dietrich
Issue Analytics
- State:
- Created 3 years ago
- Comments:7
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
User rcbarnett-zz commented on date 2014-05-22 19:03:57:
The issue is that you are trying to do exceptions for Phase:1 ModSecurity rules within Apache scope locations and those aren’t processed until Phase:2. You should instead do something like this in a modsecurity_crs_10_custom.conf file -
SecRule REQUEST_FILENAME “beginsWith /svn” “id:123,phase:1,t:none,nolog,pass,ctl:ruleRemoveById=960012”
User lifeforms commented on date 2018-06-09 13:40:49:
Hotboy178 It’s probably better if you open a new issue for this. Please include the relevant part of your ModSecurity audit log (usually in
/var/log/modsec_audit.logor a similar location) Otherwise we cannot tell what’s exactly happening…