modsec - ModSecurity: Rule processing failed
modsec - ModSecurity: Rule processing failed
Hello,
I just update my modsec rules with the last release of Atomic's Delayed rules, and now I see many errors in my httpd error.log files:
"ModSecurity: Rule processing failed"
What exactly means this message? Does the client still get the page/file requested or see an error message?
Why does it happen?
The strangest thing is that it usually happens when file requested are CSS or image files (jpg/png...).
Thanks for your help and advice on this!
I just update my modsec rules with the last release of Atomic's Delayed rules, and now I see many errors in my httpd error.log files:
"ModSecurity: Rule processing failed"
What exactly means this message? Does the client still get the page/file requested or see an error message?
Why does it happen?
The strangest thing is that it usually happens when file requested are CSS or image files (jpg/png...).
Thanks for your help and advice on this!
- mikeshinn
- Atomicorp Staff - Site Admin
- Posts: 4149
- Joined: Thu Feb 07, 2008 7:49 pm
- Location: Chantilly, VA
Re: modsec - ModSecurity: Rule processing failed
What version of modsecurity do you have installed?
Michael Shinn
Atomicorp - Security For Everyone
Atomicorp - Security For Everyone
Re: modsec - ModSecurity: Rule processing failed
Thanks for your answer
My version is 2.5.6 from ART repo.
My version is 2.5.6 from ART repo.
-
- Atomicorp Staff - Site Admin
- Posts: 8355
- Joined: Wed Dec 31, 1969 8:00 pm
- Location: earth
- Contact:
Re: modsec - ModSecurity: Rule processing failed
Could be that, 2.5.6 is probably 2 years old by now. Current version is 2.5.12
- mikeshinn
- Atomicorp Staff - Site Admin
- Posts: 4149
- Joined: Thu Feb 07, 2008 7:49 pm
- Location: Chantilly, VA
Re: modsec - ModSecurity: Rule processing failed
Yeah thats a very old version of modsec, and that error definitely occurred with older versions. Not to mention all versions prior to 2.5.10 had a vulnerability, so you should definitely upgrade.
Michael Shinn
Atomicorp - Security For Everyone
Atomicorp - Security For Everyone
Re: modsec - ModSecurity: Rule processing failed
Thanks for your help.
I juste updated to the last version available on ART, and now I've this error all the time:
ModSecurity: Unable to retrieve collection (name "global", key "global"). Use SecDataDir to define data directory first.
Anybody knows how I can solve this problem?
I juste updated to the last version available on ART, and now I've this error all the time:
ModSecurity: Unable to retrieve collection (name "global", key "global"). Use SecDataDir to define data directory first.
Anybody knows how I can solve this problem?
Re: modsec - ModSecurity: Rule processing failed
I finally found the solution here:
http://www.atomicorp.com/forum/viewtopic.php?f=3&t=3679
"I have added SecDataDir /var/asl/data/msa in the config /etc/httpd/modsecurity.d/modsecurity_crs_10_config.conf too."
http://www.atomicorp.com/forum/viewtopic.php?f=3&t=3679
"I have added SecDataDir /var/asl/data/msa in the config /etc/httpd/modsecurity.d/modsecurity_crs_10_config.conf too."
- mikeshinn
- Atomicorp Staff - Site Admin
- Posts: 4149
- Joined: Thu Feb 07, 2008 7:49 pm
- Location: Chantilly, VA
Re: modsec - ModSecurity: Rule processing failed
Make sure you have modsecurity setup per the wiki article:
https://www.atomicorp.com/wiki/index.ph ... rity_Rules
https://www.atomicorp.com/wiki/index.ph ... rity_Rules
Michael Shinn
Atomicorp - Security For Everyone
Atomicorp - Security For Everyone
Re: modsec - ModSecurity: Rule processing failed
Yeeep, you're right, everything's written in the wiki.
I've one last question:
The Rule Updater is only available to ASL customer, right?
As I don't understand where to get a username/password.
Thanks.
I've one last question:
The Rule Updater is only available to ASL customer, right?
As I don't understand where to get a username/password.
Thanks.
-
- Atomicorp Staff - Site Admin
- Posts: 8355
- Joined: Wed Dec 31, 1969 8:00 pm
- Location: earth
- Contact:
Re: modsec - ModSecurity: Rule processing failed
You can get a subscription here: https://www.atomicorp.com/acshop.html