3

Mod_security rules comments are broken

  • Live

K
kam821

Hello.
I would like to report you, that adding mod_security rule with comment in DA causes error in httpd/error_log.

2022-10-06 23:32:27.231486 [ERROR] [1747649] [Module:mod_security]setSecRule(type 2) /usr/local/directadmin/data/users/[redacted]/domains/[redacted].modsecurity_rules failed, ret -1, reason: 'Rules error. File: . Line: 1. Column: 0. SecRuleRemoveById: failed to load:9507010 # Enable Wordpress exclusions. Not a number or range: # '.

I'm not sure if the problem is related only to openlitespeed, but I think that this is an attribute of the whole mod_security, because rules I find so far don't have comment placed in line with the rule itself.

The current modsecurity_rules DA format actually looks like this:
SecRuleRemoveById xxx # Comment xxx
SecRuleRemoveById yyy # Comment yyy

Maybe a good solution would be to change the format to something like this:
# Comment xxx
SecRuleRemoveById xxx

# Comment yyy
SecRuleRemoveById yyy

Best regards

A

Activity Newest / Oldest

Avatar

Mindaugas

Status changed to: Live

Avatar

Mindaugas

Status changed to: In progress

Avatar

Ohm

this issued may affect to all Web Server ( nginx apache ols).

forum.directadmin.com/threads/directadmin-v1-648-has-been-released.68212/post-360932


Avatar

Gedas

Status changed to: Planned

J

Jason McOrmick

Yes! I can't believe this is a thing, but it is... Even 6 months later.