Temporarily accept invalid MULTIPART_SEMICOLON_MISSING operator #1701

Closed
wants to merge 1 commit into from
Conversation

victorhora
Contributor

MULTIPART_SEMICOLON_MISSING is now accepted by the parser and referred to MultipartMissingSemicolon. Ex: SecRule MULTIPART_SEMICOLON_MISSING "!@eq 0" "id:'200011',phase:2,msg:'MULTIPART_SEMICOLON_MISSING'" results in:

Matched "Operator `Eq' with parameter `0' against variable `MULTIPART_MISSING_SEMICOLON' (Value: `1' ) [id "200011"] [rev ""] [msg "MULTIPART_SEMICOLON_MISSING"]

Suggested temporary addition to the parser related to SpiderLabs/owasp-modsecurity-crs#995, SpiderLabs/owasp-modsecurity-crs#1023 and to avoid issues like SpiderLabs/owasp-modsecurity-crs#1032 and SpiderLabs/owasp-modsecurity-crs#1021.

@defanator
Contributor

defanator commented Mar 12, 2018

@victorhora @zimmerle wow. Are you guys going to merge this one before next libmodsecurity release?

On a related note (not sure if you have seen this in slack) - currently libmodsecurity fails to load default crs-setup.conf with the following error:

test@vagrant:~/ModSecurity$ sudo nginx -t
nginx: [emerg] "modsecurity_rules_file" directive Rules error. File: /etc/nginx/modsec/owasp-crs/crs-setup.conf. Line: 96. Column: 43. SecCollectionTimeout is not yet supported.  in /etc/nginx/nginx.conf:75
nginx: configuration file /etc/nginx/nginx.conf test failed

This error started to appear after this changeset: 64ce412

Appreciate any ideas on how to fix this one as well.

@victorhora
Contributor Author

hey @defanator, merging this one is my idea to avoid those issues happening too often. I'm not sure if @zimmerle likes this idea too much as it's a dumb/fake variable that gets pointed to the right one in the end... but I don't see an alternative as of now as it might not be backported on CRS 3.0.x

About the issue with the unsupported directive, I've suggested a change at v3/dev/fix-seccol_timeout_err_crs branch. It will make the error go away until the feature is addressed.

zimmerle pushed a commit that referenced this pull request Mar 12, 2018
@zimmerle
Contributor

Well. I would fix it on OWASP CRS. ModSec v3 points to the error, while v2 silently fails. IMHO the fact that no one is noticing is not a reason to not fix. Ultimately it is a missing check.

Anyhow, this pull request seems to bring a benefit to the less experienced user which is always good. It was indeed a good idea. Merged. Thank you @victorhora.

Yes @defanator, this will be part of our next release.
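The behaviour discussed in this thread, a misspelled variable name that the parser temporarily resolves to the canonical MULTIPART_MISSING_SEMICOLON, next to the v2-style "silently ignore" and v3-style "reject" handling of an unknown name, as an added Python example. This is not libmodsecurity's own parser: the variable table, the SecRule grammar subset and the `strict` flag are constructed for the illustration.

```python
import re
import shlex
from typing import List, Optional

# Constructed subset of canonical variable names (real names, but not the full table).
KNOWN_VARIABLES = {"MULTIPART_MISSING_SEMICOLON", "MULTIPART_STRICT_ERROR", "ARGS", "REQUEST_HEADERS"}

# Misspellings accepted temporarily and mapped to the canonical name, as the pull request does.
ALIASES = {"MULTIPART_SEMICOLON_MISSING": "MULTIPART_MISSING_SEMICOLON"}


class RuleParseError(ValueError):
    """Raised when a rule cannot be loaded (the v3 behaviour for an unknown variable)."""


def resolve_variable(name: str, strict: bool, warnings: List[str]) -> Optional[str]:
    """Map a variable name to its canonical form; None means 'silently dropped' (v2-style)."""
    if name in KNOWN_VARIABLES:
        return name
    if name in ALIASES:
        warnings.append(f"{name} is a deprecated spelling, using {ALIASES[name]}")
        return ALIASES[name]
    if strict:
        raise RuleParseError(f"unknown variable {name}")
    warnings.append(f"unknown variable {name} ignored; this rule can never match")
    return None


def parse_sec_rule(line: str, strict: bool = True) -> dict:
    """Parse 'SecRule VARIABLES "OPERATOR" "ACTIONS"' (a constructed subset of the grammar)."""
    tokens = shlex.split(line)  # keeps the single quotes inside the double-quoted actions
    if len(tokens) != 4 or tokens[0] != "SecRule":
        raise RuleParseError(f"expected SecRule VARIABLES \"OPERATOR\" \"ACTIONS\": {line!r}")
    _, var_spec, operator, actions = tokens
    warnings: List[str] = []
    variables = []
    for item in var_spec.split("|"):  # e.g. ARGS|!ARGS:secret|&REQUEST_HEADERS
        match = re.fullmatch(r"([!&]?)([A-Z_]+)(?::(.+))?", item)
        if not match:
            raise RuleParseError(f"bad variable spec {item!r}")
        prefix, name, selector = match.groups()
        canonical = resolve_variable(name, strict, warnings)
        if canonical is None:
            continue  # v2-style: the unknown variable disappears without an error
        variables.append(prefix + canonical + (f":{selector}" if selector else ""))
    negated = operator.startswith("!")
    op_name, _, op_arg = operator.lstrip("!").partition(" ")  # "!@eq 0" -> ("@eq", "0")
    return {"variables": variables, "operator": op_name.lstrip("@"), "negated": negated,
            "argument": op_arg, "actions": actions.split(","), "warnings": warnings}
```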

@zimmerle zimmerle closed this Mar 12, 2018
Labels: 3.x (Related to ModSecurity version 3.x); RIP - libmodsecurity; RIP - Type - Usage (Related with usage, not a bug)