After restart of the apache I get this syntax exception:
AH00526: Syntax error on line 36 of /owasp-modsecurity-crs/rules/RESPONSE-950-DATA-LEAKAGES.conf: Error parsing actions: Unknown action: \
This is a bug in Apache you are encountering. You can find it listed in our KNOWN_BUGS (https://github.com/SpiderLabs/owasp-modsecurity-crs/blob/v3.0/master/KNOWN_BUGS) Apache in earlier releases has issues with line continuations. To fix it putting a space before the line continuation listed will rectify the issue. You can also update to a newer version of Apache. Sorry
Thanks for the fast response. It麓s Apache 2.4.10 on Debian. There is no newer Stable of Apache2 available at the moment. When I generate the joined .conf and include it, this leads to a lot of syntax errors.
If I include the rules via *.conf and delete the RESPONSE-950-DATA-LEAKAGES.conf before, everything works as expected. So it seems it麓s really only an issue in this one conf.
The current stable release from Apache is 2.4.23. The issue was fixed in 2.4.11 if i'm not mistaken. There is a simply fix though.
While using include *.conf simply go to the location (file, and line) where the issue is listed and add a space ( ' ') before the line continuation char ('). Then try restarting. You may need to do this a couple of times. Sorry for the inconvenience.
Nope, that麓s the general release and not available as stable for debian at the moment - latest version is 2.4.10 (see https://packages.debian.org/search?keywords=apache2&searchon=names&suite=stable§ion=all).
But I was able to fix it with the .py script now - thanks for your support!
No problem. I encourage you as a member of the community to request that Debian update (or backpatch) their releases. Unfortunately 2.4.10 is pretty badly out of date and leads to issues like this. There are of course other non-debian repo's you can add to apt-get that will provide you with the versions needed. Anywho, sorry you ran into this problem - glad you solved it. Let us know if there are other issues.
Hi guys, I have the same issue. But I cannot understand what do you mean by continuation char (').
I have the following error
AH00526: Syntax error on line 36 of /etc/httpd/crs/owasp-modsecurity-crs/rules/RESPONSE-950-DATA-LEAKAGES.conf:
Apr 7 02:14:42 crosp httpd: Error parsing actions: Unknown action: \\
And it points to the 36 line of the file
SecRule RESPONSE_BODY "(?:<(?:TITLE>Index of.*?<H|title>Index of.*?<h)1>Index of|>\[To Parent Directory\]<\/[Aa]><br>)" \
"phase:response,\
rev:'2',\
ver:'OWASP_CRS/3.0.0',\
maturity:'9',\
accuracy:'9',\
t:none,\
capture,\
ctl:auditLogParts=+E,\
block,\
msg:'Directory Listing',\
logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',\
id:950130,\
tag:'application-multi',\
tag:'language-multi',\
tag:'platform-multi',\
tag:'attack-disclosure',\
tag:'OWASP_CRS/LEAKAGE/INFO_DIRECTORY_LISTING',\
The line 36 is
t:none,
Could you please tell me how can fix the issue without updating the Apache server.
Thank you.
@CROSP on line 36 add a space between the ',' and the '\' -- That oughtta do it :)
@csanders-git Thank you so much. Works like a charm !!
Most helpful comment
@CROSP on line 36 add a space between the ',' and the '\' -- That oughtta do it :)