Modsecurity: REQUEST-912-DOS-PROTECTION.conf. Line: 187. Column: 29. Expecting an action, got: ,\

Created on 17 Apr 2018 · 12 Comments · Source: SpiderLabs/ModSecurity

Hi,
On the ingress-nginx project, we were previously using the v3/dev/performance branch to resolve performance issues (see https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/1002).

This branch has now been removed from your repository and the ingress-nginx maintainer has moved back to v3/master, which in turn results in the following error when nginx attempts to use crs:

W0417 16:41:26.641494       7 queue.go:113] requeuing default/at-sauron-web-mobile-service, err
-------------------------------------------------------------------------------
Error: exit status 1
2018/04/17 16:41:26 [emerg] 91#91: "modsecurity_rules_file" directive Rules error. File: /etc/nginx/owasp-modsecurity-crs/rules/REQUEST-912-DOS-PROTECTION.conf. Line: 187. Column: 29. Expecting an action, got:  ,\ in /tmp/nginx-cfg716390297:248
nginx: [emerg] "modsecurity_rules_file" directive Rules error. File: /etc/nginx/owasp-modsecurity-crs/rules/REQUEST-912-DOS-PROTECTION.conf. Line: 187. Column: 29. Expecting an action, got:  ,\ in /tmp/nginx-cfg716390297:248
nginx: configuration file /tmp/nginx-cfg716390297 test failed

We're a little stuck as to where to go from here; it's not clear which versions of crs are compatible with which versions of ModSecurity for nginx and would really appreciate your support in resolving this issue: https://github.com/kubernetes/ingress-nginx/issues/2367

Thanks
Karl

Originally posted at: https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/1065

3.x

All 12 comments

Hi @Stono,

Seems like the setup script is using the commit hash: d7571979b534ae6d9968a6e3582fb4f5212c3586. We do have the hash: 8d0f51beda5c031e38741c27f29b67f0266352bb which represents the last released version. Do you mind upgrading? The issue was already fixed in v3.0.2.

@zimmerle I've just tested with that commit and it works great :-) thank you for your prompt reply

@zimmerle I'm having the same issue from a git clone -b "v3/master" https://github.com/SpiderLabs/ModSecurity.git or the v3.0.2 tag, any guidance?
I'm using CRS ver.3.1.0

(Mentioning @csanders-git from OWASP CRS)

"modsecurity_rules_file" directive Rules error. File: modsecurity/REQUEST-912-DOS-PROTECTION.conf. Line: 188. Column: 29. Expecting an action, got:  ,\

@HazCod I would suggest trying the build in a clean environment. As there are users reporting that everything is working as expected, we had better eliminate any problem in your environment.

Hello @zimmerle, this is in a Docker container with a 3.1 CRS ruleset, so you could say it's a fresh build every time.

Hi @HazCod

> so you could say it's a fresh build every time.

This really doesn't explain much on why you might be still having the issue. If your Dockerfile is always building from the 3.0.2 release for instance it will always fail. The same is also true if the fresh build is based on a commit prior to https://github.com/SpiderLabs/ModSecurity/commit/764a2e43ff03370fafa8272f9270160bcad32023.

If you have easy access to the compiled source code you could check your local _git log_ or even diff the changes to make sure your code is the latest.
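Added example (not part of the original thread or of either project's code): the history check suggested above, written as a shell function that reports whether a checkout's HEAD contains a given fix commit and declines to answer for shallow clones, where truncated history makes the ancestry test unreliable. The function name `has_fix` and the checkout path in the usage comment are assumptions.

```shell
# Exit codes: 0 = fix commit is in HEAD's history
#             1 = fix commit is not in HEAD's history
#             2 = cannot tell (not a git checkout, or a shallow clone)
has_fix() {
    repo="$1"
    fix="$2"

    if ! git -C "$repo" rev-parse --git-dir >/dev/null 2>&1; then
        echo "not a git checkout: $repo" >&2
        return 2
    fi

    # A --depth clone keeps only the newest commits, so an ancestry
    # test against an older commit cannot be trusted there.
    if [ "$(git -C "$repo" rev-parse --is-shallow-repository 2>/dev/null)" = "true" ]; then
        echo "shallow clone: run 'git fetch --unshallow' before checking" >&2
        return 2
    fi

    head=$(git -C "$repo" rev-parse --short HEAD)

    # In a full clone every ancestor of HEAD is present locally, so a
    # missing commit object means HEAD cannot contain it.
    if ! git -C "$repo" cat-file -e "${fix}^{commit}" 2>/dev/null; then
        echo "MISSING: $fix is not an object in $repo (HEAD $head)" >&2
        return 1
    fi

    if git -C "$repo" merge-base --is-ancestor "$fix" HEAD; then
        echo "OK: HEAD $head contains $fix"
        return 0
    fi
    echo "MISSING: HEAD $head does not contain $fix" >&2
    return 1
}

# Usage with the commit linked in this thread (checkout path is assumed):
#   has_fix /opt/ModSecurity 764a2e43ff03370fafa8272f9270160bcad32023
```

Run as a build step, a non-zero return stops the image build before nginx ever loads the rules.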

@HazCod Having the same issue. Going back to CRS v3.0 solved it here.

git clone -b v3.0/master --single-branch https://github.com/SpiderLabs/owasp-modsecurity-crs.git

@victorhora, see comment from someone else above with same issues.
I was checking out from v3/master, which is your master branch where it should be merged?

@binaryanomaly @HazCod

Please make sure you are checking out from v3/master and make sure you are running a supported version of CRS. I just re-tested here again and I'm able to load CRS 3.0 and CRS 3.1-dev just fine.

See https://github.com/SpiderLabs/ModSecurity/issues/1876#issuecomment-420425635

Bear in mind that CRS 3.2-dev does not load due to invalid variables being used in the ruleset. There's a pending fix for this on CRS 3.2: https://github.com/SpiderLabs/owasp-modsecurity-crs/pull/1187

I can confirm that both v3.0/master and v3.1/dev do not produce the error message here the OP mentioned.
This seems to be only the case when not specifying a branch because then the default branch is v3.2/dev.

How do you mean not specifying a branch? We're both supplying -b v3.0/master?

I initially had no branch specified and I guess it worked until the switch to 3.2 happened. That's when I went back to v3.0/master because it's not a dev branch. After seeing what @victorhora wrote I tested with v3.1/dev and it works as well here. I'm building inside a Docker container, too.
