mod_security 2.7.4-15 and mlogc 2.6.8-3 regex error

Post by JWinTX

Hello,

I am running mod_security 2.7.4-15, installed from the atomic repo, and mlogc 2.6.8-3 on CentOS 5.9. Mlogc is getting the following "Invalid entry (failed to match regex)" errors in /var/log/mlogc/mlogc-error.log:

[Fri May 31 04:42:26 2013] [2] [6803/9a89aa8] Invalid entry (failed to match regex): [modsecurity] [client xxx.xxx.xxx.xxx] [domain xxx.xxx.xxx.xxx] [403] [/20130531/20130531-0442/20130531-044225-brIYHkEXmdkAAH-NkEcAAAAC] (null)
[Fri May 31 04:42:26 2013] [2] [6803/9a89aa8] Invalid entry (failed to match regex): [modsecurity] [client xxx.xxx.xxx.xxx] [domain xxx.xxx.xxx.xxx] [403] [/20130531/20130531-0442/20130531-044226-br-jL0EXmdkAAFtMj@0AAAAO] (null)
[Fri May 31 05:02:20 2013] [2] [6803/9a89aa8] Invalid entry (failed to match regex): [modsecurity] [client xxx.xxx.xxx.xxx] [domain xxx.xxx.xxx.xxx] [301] [/20130531/20130531-0502/20130531-050220-teUvU0EXmdkAAFs5e@8AAAAF] [file \"/etc/httpd/modsecurity.d/00_asl_zz_strict.conf\"] [line \"73\"] [id \"331032\"] [rev \"2\"] [msg \"Atomicorp.com UNSUPPORTED DELAYED Rules: Suspicious activity detected - Host header is a numeric IP address\"] [severity \"NOTICE\"] Warning. Match of \"ipMatch 127.0.0.1,::1\" against \"REMOTE_ADDR\" required.
[Fri May 31 05:02:20 2013] [2] [6803/9a89aa8] Invalid entry (failed to match regex): [modsecurity] [client xxx.xxx.xxx.xxx] [domain xxx.xxx.xxx.xxx] [301] [/20130531/20130531-0502/20130531-050220-tecvv0EXmdkAAFtUI8gAAAAW] [file \"/etc/httpd/modsecurity.d/00_asl_zz_strict.conf\"] [line \"73\"] [id \"331032\"] [rev \"2\"] [msg \"Atomicorp.com UNSUPPORTED DELAYED Rules: Suspicious activity detected - Host header is a numeric IP address\"] [severity \"NOTICE\"] Warning. Match of \"ipMatch 127.0.0.1,::1\" against \"REMOTE_ADDR\" required.
[Fri May 31 06:43:54 2013] [2] [6803/9a89aa8] Invalid entry (failed to match regex): [modsecurity] [client xxx.xxx.xxx.xxx] [domain xxx.xxx.xxx.xxx] [403] [/20130531/20130531-0643/20130531-064354-ISJi@0EXmdkAAFs5e-UAAAAF] (null)
[Fri May 31 06:43:54 2013] [2] [6803/9a89aa8] Invalid entry (failed to match regex): [modsecurity] [client xxx.xxx.xxx.xxx] [domain xxx.xxx.xxx.xxx] [403] [/20130531/20130531-0643/20130531-064354-IS3XFkEXmdkAAFtUI84AAAAW] (null)

Any help would be much appreciated.