Uploaded image for project: 'JBoss Core Services'
  1. JBoss Core Services
  2. JBCS-338

mod_security generating error messages to error_log

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Won't Do
    • Icon: Critical Critical
    • None
    • httpd 2.4.23 GA, httpd 2.4.23 SP1 DR3
    • httpd, mod_security, rpm, zip
    • None
    • Compatibility/Configuration, User Experience
    • Hide
      1. download zip or install rpms
      2. create or modify conf.d/mod_security.conf file 
        LoadModule security2_module modules/mod_security2.so
    <IfModule security2_module>
        SecRuleEngine On
        SecCollectionTimeout 15
        SecDataDir /tmp
        SecDebugLog logs/modsec-debug-GLOBAL-initcol.log
        SecDebugLogLevel 9

        SecRule REQUEST_COOKIES:SESSIONID !^$  phase:1,id:110,nolog,pass,setsid:%{REQUEST_COOKIES.SESSIONID}
        SecAction phase:1,id:111,nolog,pass,setvar:SESSION.my_counter=+1
 
        SecAction phase:1,id:112,nolog,pass,initcol:global=counter
        SecAction phase:1,id:113,nolog,pass,setvar:global.counter=+1
        
    </IfModule>
      3. send server some amount of requests 
        sbin/ab -k -n 100 -c 80 -H "Cookie: SESSIONID=testid" http://127.0.0.1/
      4. check errors presence at error_log 
        grep "error" logs/error_log
      Show
      download zip or install rpms create or modify conf.d/mod_security.conf file LoadModule security2_module modules/mod_security2.so <IfModule security2_module> SecRuleEngine On SecCollectionTimeout 15 SecDataDir /tmp SecDebugLog logs/modsec-debug-GLOBAL-initcol.log SecDebugLogLevel 9 SecRule REQUEST_COOKIES:SESSIONID !^$ phase:1,id:110,nolog,pass,setsid:%{REQUEST_COOKIES.SESSIONID} SecAction phase:1,id:111,nolog,pass,setvar:SESSION.my_counter=+1 SecAction phase:1,id:112,nolog,pass,initcol:global=counter SecAction phase:1,id:113,nolog,pass,setvar:global.counter=+1 </IfModule> send server some amount of requests sbin/ab -k -n 100 -c 80 -H "Cookie: SESSIONID=testid" http://127.0.0.1/ check errors presence at error_log grep "error" logs/error_log

      Using SecDataDir along with global.counter or SESSION.counter generates errors in error_log.

      [Thu Apr 27 05:39:10.111929 2017] [:error] [pid 12126] [client ::1:39910] [client ::1] ModSecurity: Could not set variable "SESSION.my_counter" as the collection does not exist. [hostname "localhost"] [uri "*"] [unique_id "WQG8PgoQW7sAAC9enFEAAAAQ"]
[Thu Apr 27 05:39:11.113296 2017] [:error] [pid 12129] [client ::1:39912] [client ::1] ModSecurity: Could not set variable "SESSION.my_counter" as the collection does not exist. [hostname "localhost"] [uri "*"] [unique_id "WQG8PwoQW7sAAC9hznsAAAAT"]

              gzaronik@redhat.com George Zaronikas
              jonderka@redhat.com Jan Onderka
              Jan Onderka Jan Onderka
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

                Created:
                Updated:
                Resolved: