Skip to content

Temporarily accept invalid MULTIPART_SEMICOLON_MISSING operator#1701

Closed
victorhora wants to merge 1 commit intoowasp-modsecurity:v3/masterfrom
victorhora:v3/dev/add-op-SEMICOLON_MISSING
Closed

Temporarily accept invalid MULTIPART_SEMICOLON_MISSING operator#1701
victorhora wants to merge 1 commit intoowasp-modsecurity:v3/masterfrom
victorhora:v3/dev/add-op-SEMICOLON_MISSING

Conversation

@victorhora
Copy link
Contributor

@victorhora victorhora commented Mar 9, 2018

MULTIPART_SEMICOLON_MISSING is now accepted by the parser and referred to MultipartMissingSemicolon. Ex: SecRule MULTIPART_SEMICOLON_MISSING "!@eq 0" "id:'200011',phase:2,msg:'MULTIPART_SEMICOLON_MISSING'" results in:

Matched "Operator `Eq' with parameter `0' against variable `MULTIPART_MISSING_SEMICOLON' (Value: `1' ) [id "200011"] [rev ""] [msg "MULTIPART_SEMICOLON_MISSING"]

Suggested temporary addition to the parser related with SpiderLabs/owasp-modsecurity-crs#995, SpiderLabs/owasp-modsecurity-crs#1023 and to avoid issues like SpiderLabs/owasp-modsecurity-crs#1032 and SpiderLabs/owasp-modsecurity-crs#1021.

@victorhora victorhora added RIP - libmodsecurity 3.x Related to ModSecurity version 3.x RIP - Type - Usage Related with usage (not a bug) labels Mar 9, 2018
@victorhora victorhora requested a review from zimmerle March 9, 2018 18:01
@victorhora victorhora mentioned this pull request Mar 9, 2018
Merged
@defanator
Copy link
Contributor

defanator commented Mar 12, 2018
edited
Loading

@victorhora @zimmerle wow. Are you guys going to merge this one before next libmodsecurity release?

On a related note (not sure if you have seen this in slack) - currently libmodsecurity fails to load default crs-setup.conf with the following error:

test@vagrant:~/ModSecurity$ sudo nginx -t
nginx: [emerg] "modsecurity_rules_file" directive Rules error. File: /etc/nginx/modsec/owasp-crs/crs-setup.conf. Line: 96. Column: 43. SecCollectionTimeout is not yet supported.  in /etc/nginx/nginx.conf:75
nginx: configuration file /etc/nginx/nginx.conf test failed

This error started to appear after this changeset: 64ce412

Appreciate any ideas on how to fix this one as well.

@victorhora victorhora mentioned this pull request Mar 12, 2018
Closed
@victorhora victorhora added this to the v3.0.1 milestone Mar 12, 2018
@victorhora
Copy link
Contributor Author

victorhora commented Mar 12, 2018

hey @defanator, merging this one is my idea to avoid those issues happening too often. I'm not sure if @zimmerle likes this idea too much as it's a dumb/fake variable that gets pointed to the right one in the end... but I don't see an alternative as of now as it might not be backported on CRS 3.0.x

About the issue with the unsupported directive, I've suggested a change at v3/dev/fix-seccol_timeout_err_crs branch. It will make the error go away until the feature is addressed.

zimmerle pushed a commit that referenced this pull request Mar 12, 2018
CHANGES: Adds info about #1701
b59d19e
@zimmerle
Copy link
Contributor

zimmerle commented Mar 12, 2018

Well. I would fix it on OWASP CRS. ModSec v3 points to the error, while v2 silent fails. IMHO the fact that no one is noticing is not a reason to not fix. Ultimately it is a missing check.

Anyhow, this pull request seems to bring a benefit to the less experienced user which is always good. It was indeed a good idea. Merged. Thank you @victorhora.

Yes @defanator, this will be part of our next release.

@zimmerle zimmerle closed this Mar 12, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@zimmerle zimmerle Awaiting requested review from zimmerle

Assignees

@zimmerle zimmerle

@victorhora victorhora

Labels

3.x Related to ModSecurity version 3.x RIP - libmodsecurity RIP - Type - Usage Related with usage (not a bug)

Projects

None yet

Milestone

v3.0.1

Development

Successfully merging this pull request may close these issues.

3 participants

@victorhora @defanator @zimmerle