ModSecurity - Error parsing actions: Unknown action: \\

Time: 2016-05-22 02:37:18

Tags: apache mod-security

I am trying to implement OWASP CRS 3.0.0-rc1 on ModSecurity 2.9.1 (Apache \ Ubuntu).

When starting Apache, I get the following error.

AH00526: Syntax error on line 35 of /etc/apache2/conf/crs/rules/RESPONSE-50-DATA-LEAKAGES-PHP.conf:
Error parsing actions: Unknown action: \\
Action 'configtest' failed.

Here is a snippet of the ruleset

RESPONSE-50-DATA-LEAKAGES-PHP.conf:

SecRule RESPONSE_BODY "@pmf php-errors.data" \
    "msg:'PHP Information Leakage',\
    id:'950180',\
    phase:response,\
    ver:'OWASP_CRS/3.0.0',\
    rev:'3',\
    maturity:'9',\
    accuracy:'9',\
    t:none,\
    capture,\
    ctl:auditLogParts=+E,\   THIS IS LINE 35
    block,\

For some reason, if I simply move line 35 up one...

        capture,ctl:auditLogParts=+E,\   

It no longer squawks about this file... but I get another error

AH00526: Syntax error on line 31 of /etc/apache2/conf/crs/rules/RESPONSE-50-DATA-LEAKAGES.conf:
Error parsing actions: Unknown action: \\

RESPONSE-50-DATA-LEAKAGES.conf:

SecRule RESPONSE_BODY "(?:<(?:TITLE>Index of.*?<H|title>Index of.*?<h)1>Index of|>\[To Parent Directory\]<\/[Aa]><br>)" \
    "phase:response,\
    rev:'2',\
    ver:'OWASP_CRS/3.0.0',\
    maturity:'9',\
    accuracy:'9',\
    t:none,\       THIS IS LINE 31
    capture,\

Again, this is resolved by combining it with the line above.

accuracy:'9',t:none,\

The strange thing is that the content is not the same...

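I just want to try to work out what is causing this error. Would it be a bug in ModSecurity 2.9.1 or in the ruleset itself? Or in the way multi-line characters are parsed?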

1 answer:

Answer 0: (score: 1)

This is a known Apache bug; it was fixed in 2.4.11.

https://bz.apache.org/bugzilla/show_bug.cgi?id=55910
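
An added example, not part of the original answer: a POSIX shell check that compares an httpd version banner against the 2.4.11 release named above. The function names and sample banners are constructed for illustration; the comparison is purely numeric, and distribution packages can carry backported fixes under an older version number.

```shell
#!/bin/sh
# Added example: decide whether an httpd version banner predates 2.4.11,
# the release the answer above names as containing the fix.

FIXED_IN="2.4.11"   # taken from the answer

# Extract "X.Y.Z" from a banner such as "Server version: Apache/2.4.7 (Ubuntu)".
httpd_version_from_banner() {
    printf '%s\n' "$1" |
        sed -n 's|.*Apache/\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*|\1|p' |
        head -n 1
}

# Return 0 if version $1 >= version $2, comparing the three fields as numbers
# (a string comparison would wrongly rank 2.4.9 above 2.4.11).
version_ge() {
    a=$1; b=$2
    for i in 1 2 3; do
        x=${a%%.*}; y=${b%%.*}
        if [ "$x" -gt "$y" ]; then return 0; fi
        if [ "$x" -lt "$y" ]; then return 1; fi
        a=${a#*.}; b=${b#*.}
    done
    return 0
}

# Print "fixed", "affected" or "unknown" for a version banner.
classify_banner() {
    v=$(httpd_version_from_banner "$1")
    if [ -z "$v" ]; then
        echo unknown
    elif version_ge "$v" "$FIXED_IN"; then
        echo fixed
    else
        echo affected
    fi
}

# Constructed sample banners (not taken from the question).
for banner in \
    "Server version: Apache/2.4.7 (Ubuntu)" \
    "Server version: Apache/2.4.11 (Unix)" \
    "Server version: Apache/2.4.18 (Ubuntu)"; do
    printf '%-42s %s\n' "$banner" "$(classify_banner "$banner")"
done
# Against the local server: classify_banner "$(apache2ctl -v)"
```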