Odd Behaviour with 98_asl_adv_redactor.conf
Posted: Fri May 08, 2015 5:44 am
HI,
I am hoping someone could shed some insight to the following issue I am having, but first the basics:
System Details
CentOS - cPanel Server
Apache 2.2
ModSec 2.8.0
PHP 5.4
Now The Problem
Starting apache, yields no start as up with out errors, which incredibly frustrating at first, after some strace shenanigans we found the following:
6808 write(2, "Syntax error on line 122 of /usr/local/apache/conf/asl_rules/modsec/98_asl_adv_redactor.conf:\n", 94) = 94
6808 write(2, "Error creating rule: Error rsub operator parsing input data\n", 60) = 60
6808 select(0, NULL, NULL, NULL, {0, 10000}) = 0 (Timeout)
Oh thats easy I though, commented out the Include to 98_asl_adv_redactor.conf, and apache is working 100%. After some playing around in the conf file I found that if you comment rule ID 373717, apaceh works, same goes for chain id's 373786 , 310703. But having all three cause apache to not start.
Now the wierd part this is only happening on one of my servers, being relitivly new to ModSecurity, I am gonna assume the rules will need one of the following: Read , Write or Network access.
As Mentioned Hope someone can shed some light on further debugging.
I am hoping someone could shed some insight to the following issue I am having, but first the basics:
System Details
CentOS - cPanel Server
Apache 2.2
ModSec 2.8.0
PHP 5.4
Now The Problem
Starting apache, yields no start as up with out errors, which incredibly frustrating at first, after some strace shenanigans we found the following:
6808 write(2, "Syntax error on line 122 of /usr/local/apache/conf/asl_rules/modsec/98_asl_adv_redactor.conf:\n", 94) = 94
6808 write(2, "Error creating rule: Error rsub operator parsing input data\n", 60) = 60
6808 select(0, NULL, NULL, NULL, {0, 10000}) = 0 (Timeout)
Oh thats easy I though, commented out the Include to 98_asl_adv_redactor.conf, and apache is working 100%. After some playing around in the conf file I found that if you comment rule ID 373717, apaceh works, same goes for chain id's 373786 , 310703. But having all three cause apache to not start.
Now the wierd part this is only happening on one of my servers, being relitivly new to ModSecurity, I am gonna assume the rules will need one of the following: Read , Write or Network access.
As Mentioned Hope someone can shed some light on further debugging.