Atomicorp

Hello,

I just update my modsec rules with the last release of Atomic's Delayed rules, and now I see many errors in my httpd error.log files:

"ModSecurity: Rule processing failed"

What exactly means this message? Does the client still get the page/file requested or see an error message?
Why does it happen?

The strangest thing is that it usually happens when file requested are CSS or image files (jpg/png...).

Thanks for your help and advice on this!

What version of modsecurity do you have installed?

Thanks for your answer

My version is 2.5.6 from ART repo.

Could be that, 2.5.6 is probably 2 years old by now. Current version is 2.5.12

Yeah thats a very old version of modsec, and that error definitely occurred with older versions. Not to mention all versions prior to 2.5.10 had a vulnerability, so you should definitely upgrade.

Thanks for your help.
I juste updated to the last version available on ART, and now I've this error all the time:

ModSecurity: Unable to retrieve collection (name "global", key "global"). Use SecDataDir to define data directory first.

Anybody knows how I can solve this problem?

I finally found the solution here:
http://www.atomicorp.com/forum/viewtopic.php?f=3&t=3679

"I have added SecDataDir /var/asl/data/msa in the config /etc/httpd/modsecurity.d/modsecurity_crs_10_config.conf too."

Make sure you have modsecurity setup per the wiki article:

https://www.atomicorp.com/wiki/index.ph ... rity_Rules

Yeeep, you're right, everything's written in the wiki.

I've one last question:
The Rule Updater is only available to ASL customer, right?
As I don't understand where to get a username/password.

Thanks.

You can get a subscription here: https://www.atomicorp.com/acshop.html