Page 1 of 1
modsec - ModSecurity: Rule processing failed
Posted: Fri Nov 26, 2010 4:50 am
by albans
Hello,
I just update my modsec rules with the last release of Atomic's Delayed rules, and now I see many errors in my httpd error.log files:
"ModSecurity: Rule processing failed"
What exactly means this message? Does the client still get the page/file requested or see an error message?
Why does it happen?
The strangest thing is that it usually happens when file requested are CSS or image files (jpg/png...).
Thanks for your help and advice on this!
Re: modsec - ModSecurity: Rule processing failed
Posted: Fri Nov 26, 2010 11:55 am
by mikeshinn
What version of modsecurity do you have installed?
Re: modsec - ModSecurity: Rule processing failed
Posted: Sat Nov 27, 2010 7:23 am
by albans
Thanks for your answer
My version is 2.5.6 from ART repo.
Re: modsec - ModSecurity: Rule processing failed
Posted: Sat Nov 27, 2010 11:19 am
by scott
Could be that, 2.5.6 is probably 2 years old by now. Current version is 2.5.12
Re: modsec - ModSecurity: Rule processing failed
Posted: Sat Nov 27, 2010 11:40 am
by mikeshinn
Yeah thats a very old version of modsec, and that error definitely occurred with older versions. Not to mention all versions prior to 2.5.10 had a vulnerability, so you should definitely upgrade.
Re: modsec - ModSecurity: Rule processing failed
Posted: Sat Nov 27, 2010 4:48 pm
by albans
Thanks for your help.
I juste updated to the last version available on ART, and now I've this error all the time:
ModSecurity: Unable to retrieve collection (name "global", key "global"). Use SecDataDir to define data directory first.
Anybody knows how I can solve this problem?
Re: modsec - ModSecurity: Rule processing failed
Posted: Sat Nov 27, 2010 4:56 pm
by albans
I finally found the solution here:
http://www.atomicorp.com/forum/viewtopic.php?f=3&t=3679
"I have added SecDataDir /var/asl/data/msa in the config /etc/httpd/modsecurity.d/modsecurity_crs_10_config.conf too."
Re: modsec - ModSecurity: Rule processing failed
Posted: Sat Nov 27, 2010 10:56 pm
by mikeshinn
Make sure you have modsecurity setup per the wiki article:
https://www.atomicorp.com/wiki/index.ph ... rity_Rules
Re: modsec - ModSecurity: Rule processing failed
Posted: Tue Nov 30, 2010 11:21 am
by albans
Yeeep, you're right, everything's written in the wiki.
I've one last question:
The Rule Updater is only available to ASL customer, right?
As I don't understand where to get a username/password.
Thanks.
Re: modsec - ModSecurity: Rule processing failed
Posted: Tue Nov 30, 2010 12:16 pm
by scott