
mod_security 2.7.4-15 and mlogc 2.6.8-3 regex error

Posted: Fri May 31, 2013 8:32 am
by JWinTX
Hello,

I am running mod_security 2.7.4-15 installed from the atomic repo and mlogc 2.6.8-3 on CentOS 5.9. Mlogc is getting the following "Invalid entry (failed to match regex)" errors in /var/log/mlogc/mlogc-error.log:

[Fri May 31 04:42:26 2013] [2] [6803/9a89aa8] Invalid entry (failed to match regex): [modsecurity] [client xxx.xxx.xxx.xxx] [domain xxx.xxx.xxx.xxx] [403] [/20130531/20130531-0442/20130531-044225-brIYHkEXmdkAAH-NkEcAAAAC] (null)
[Fri May 31 04:42:26 2013] [2] [6803/9a89aa8] Invalid entry (failed to match regex): [modsecurity] [client xxx.xxx.xxx.xxx] [domain xxx.xxx.xxx.xxx] [403] [/20130531/20130531-0442/20130531-044226-br-jL0EXmdkAAFtMj@0AAAAO] (null)
[Fri May 31 05:02:20 2013] [2] [6803/9a89aa8] Invalid entry (failed to match regex): [modsecurity] [client xxx.xxx.xxx.xxx] [domain xxx.xxx.xxx.xxx] [301] [/20130531/20130531-0502/20130531-050220-teUvU0EXmdkAAFs5e@8AAAAF] [file \"/etc/httpd/modsecurity.d/00_asl_zz_strict.conf\"] [line \"73\"] [id \"331032\"] [rev \"2\"] [msg \"Atomicorp.com UNSUPPORTED DELAYED Rules: Suspicious activity detected - Host header is a numeric IP address\"] [severity \"NOTICE\"] Warning. Match of \"ipMatch 127.0.0.1,::1\" against \"REMOTE_ADDR\" required.
[Fri May 31 05:02:20 2013] [2] [6803/9a89aa8] Invalid entry (failed to match regex): [modsecurity] [client xxx.xxx.xxx.xxx] [domain xxx.xxx.xxx.xxx] [301] [/20130531/20130531-0502/20130531-050220-tecvv0EXmdkAAFtUI8gAAAAW] [file \"/etc/httpd/modsecurity.d/00_asl_zz_strict.conf\"] [line \"73\"] [id \"331032\"] [rev \"2\"] [msg \"Atomicorp.com UNSUPPORTED DELAYED Rules: Suspicious activity detected - Host header is a numeric IP address\"] [severity \"NOTICE\"] Warning. Match of \"ipMatch 127.0.0.1,::1\" against \"REMOTE_ADDR\" required.
[Fri May 31 06:43:54 2013] [2] [6803/9a89aa8] Invalid entry (failed to match regex): [modsecurity] [client xxx.xxx.xxx.xxx] [domain xxx.xxx.xxx.xxx] [403] [/20130531/20130531-0643/20130531-064354-ISJi@0EXmdkAAFs5e-UAAAAF] (null)
[Fri May 31 06:43:54 2013] [2] [6803/9a89aa8] Invalid entry (failed to match regex): [modsecurity] [client xxx.xxx.xxx.xxx] [domain xxx.xxx.xxx.xxx] [403] [/20130531/20130531-0643/20130531-064354-IS3XFkEXmdkAAFtUI84AAAAW] (null)

Any help would be much appreciated.