Voters 3
-
-
K
-
J
Mod_security rules comments are broken
- Live
|
K |
kam821 |
Hello.
I would like to report you, that adding mod_security rule with comment in DA causes error in httpd/error_log.
2022-10-06 23:32:27.231486 [ERROR] [1747649] [Module:mod_security]setSecRule(type 2) /usr/local/directadmin/data/users/[redacted]/domains/[redacted].modsecurity_rules failed, ret -1, reason: 'Rules error. File: . Line: 1. Column: 0. SecRuleRemoveById: failed to load:9507010 # Enable Wordpress exclusions. Not a number or range: # '.
I'm not sure if the problem is related only to openlitespeed, but I think that this is an attribute of the whole mod_security, because rules I find so far don't have comment placed in line with the rule itself.
The current modsecurity_rules DA format actually looks like this:
SecRuleRemoveById xxx # Comment xxx
SecRuleRemoveById yyy # Comment yyy
Maybe a good solution would be to change the format to something like this:
# Comment xxx
SecRuleRemoveById xxx
# Comment yyy
SecRuleRemoveById yyy
Best regards
Activity Newest / Oldest
Mindaugas
Fixed in DirectAdmin v1.650
docs.directadmin.com/changelog/version-1.650.html#modsecurity-comments
Mindaugas
Status changed to: Live
Mindaugas
Status changed to: In progress
Kinny Kun
this issued may affect to all Web Server ( nginx apache ols).
forum.directadmin.com/threads/directadmin-v1-648-has-been-released.68212/post-360932
Gedas
Status changed to: Planned
Jason McOrmick
Yes! I can't believe this is a thing, but it is... Even 6 months later.