Syntax error?
I'm getting a syntax error message with version 201406041407 of the rules:
$ sudo service httpd -t
AH00526: Syntax error on line 82 of /usr/local/apache/conf/modsec_rules/00_asl_zz_strict.conf:
Error creating rule: Could not add entry "127.0.0.0/8" from: 127.0.0.0/8.
Reverted to version 201406031837 and everything works fine.
This is on a cPanel server, in case it matters.
Re: Syntax error?
We are seeing the same on each cpanel server we run easyapache on...
It would appear the current rule set is fine on machines that are still running 2.7.x but the machines that have 2.8 modsec are all throwing this same error. This is centos 6, fast cgi.
This is causing a lot of work...
Re: Syntax error?
I came across a note in the Wiki stating that the rules are tested on 2.7.7 and that 2.8 is not supported, so that probably explains it.
Re: Syntax error?
I think I have found the cause, but I'm sat in a hospital on an ipad, so will have to look more closely when I'm in the office
https://github.com/SpiderLabs/ModSecurity/issues/706
- Atomicorp Staff - Site Admin
- Posts: 8355
- Joined: Wed Dec 31, 1969 8:00 pm
- Location: earth
Re: Syntax error?
Yeah, 2.8 has some pretty serious issues still. We recommend sticking with 2.7.7 until that particular one has been resolved.
Re: Syntax error?
We recommend sticking with 2.7.7
Hi Scott, and thank you for taking time to pitch in. The problem for fleets running cpanel is that this is unavoidable with EasyApache.
Given the impact this is no doubt going to have as more hosters happen to run EApache, I would be grateful if you could give this more attention. Right now, we are going to have to either edit the rules on every server when they are updated, or stop the updates - neither of which is optimal.
Look forward to your feedback.
- mikeshinn
- Atomicorp Staff - Site Admin
- Posts: 4149
- Joined: Thu Feb 07, 2008 7:49 pm
- Location: Chantilly, VA
Re: Syntax error?
Unfortunately, it's not a rule issue, so for rules-only users there's nothing we can do if you chose to use 2.8. 2.8 broke support for IP addresses. So there's nothing we can do to make rules that use IP addresses, like whitelists for example, work with 2.8. The code in 2.8 to handle IPs is broken.
So here's a solution that will work:
1) disable modsecurity in cpanel and uninstall it
2) use aum to install modsecurity. Which will install a version that's tested and works correctly
If you use our tools to install and manage modsecurity, we'll make sure your system is using a version of modsecurity that works, and never leave you in a lurch like this.
Michael Shinn
Atomicorp - Security For Everyone
Re: Syntax error?
mikeshinn wrote: 2) use aum to install modsecurity. Which will install a version that's tested and works correctly
Easier said than done... But I accept your reasoning.
- mikeshinn
- Atomicorp Staff - Site Admin
- Posts: 4149
- Joined: Thu Feb 07, 2008 7:49 pm
- Location: Chantilly, VA
Re: Syntax error?
Just remember, 2.8.0 has lots of bugs in it, don't use it.
Michael Shinn
Atomicorp - Security For Everyone
Re: Syntax error?
Don't tell me, go tell cPanel, or better yet, blog about how they have made a really dumb decision - they seem blissfully unaware, and have pushed it out to everyone... Doh!!!
- mikeshinn
- Atomicorp Staff - Site Admin
- Posts: 4149
- Joined: Thu Feb 07, 2008 7:49 pm
- Location: Chantilly, VA
Re: Syntax error?
Yeah, that's a shame. My advice to any vendor that ships modsecurity is to really follow the development lists more closely, there's several known bugs in 2.8.0 that have been discussed for weeks and make it clear to not use 2.8.0 at this time.
We've added an FAQ for anyone else that runs into this known bug in 2.8.0 along with a solution:
https://www.atomicorp.com/wiki/index.ph ... _add_entry
Michael Shinn
Atomicorp - Security For Everyone
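The config-test failure reported in this thread can be caught before a rule update goes live. The script below is an added example, not part of any post and not Atomicorp or cPanel code; the function names and exit codes are hypothetical, and the sample input is constructed from the error quoted in the first post.

```shell
#!/bin/sh
# Added example: classify Apache config-test output so a rule update can be gated.
# Function names and exit codes are hypothetical.

# Constructed sample: the failure quoted in the first post of this thread.
sample_fail='AH00526: Syntax error on line 82 of /usr/local/apache/conf/modsec_rules/00_asl_zz_strict.conf:
Error creating rule: Could not add entry "127.0.0.0/8" from: 127.0.0.0/8.'
# Constructed sample: what a clean config test prints.
sample_ok='Syntax OK'

# Read config-test output on stdin; print "file:line entry" for each
# rule that failed because an IP/CIDR entry could not be added.
ip_entry_failures() {
    awk '
        /Syntax error on line [0-9]+ of / {
            line = $0; sub(/.*Syntax error on line /, "", line)
            n = line; sub(/ of .*/, "", n)                  # line number
            f = line; sub(/^[0-9]+ of /, "", f); sub(/:$/, "", f)  # file path
            next
        }
        /Could not add entry "/ {
            e = $0; sub(/.*Could not add entry "/, "", e); sub(/".*/, "", e)
            print f ":" n " " e
        }
    '
}

# Return 0 = config loads, 2 = IP-entry failure as seen in this thread,
# 1 = any other config-test error.
classify_configtest() {
    out=$1
    if printf '%s\n' "$out" | grep -q '^Syntax OK$'; then return 0; fi
    if [ -n "$(printf '%s\n' "$out" | ip_entry_failures)" ]; then return 2; fi
    return 1
}

# Real use (assumption: httpd is on PATH and writes the result to stderr):
#   classify_configtest "$(httpd -t 2>&1)"
```

A return code of 2 means the new rule set should not be activated on that host; keep the previous rule version, as the first poster did, until the ModSecurity version is changed.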