libmodsecurity3: SecAction can't be disabled via ctl action #3053
Comments
Hi @EsadCetiner, many thanks for your detailed answer here too. I'm sorry that I didn't see the original report; I have now written an answer under that issue. I'll keep this issue open until it's clear whether this behavior is really a bug or your config has some mistake. Or feel free to close it if you think that's not a ModSecurity issue. Thanks again.
Thank you for the reply @airween, I wasn't able to respond earlier but I have time now. I didn't use the Request is blocked with 403, as expected when using this code
Request is allowed with 200 when using this code, which is not expected behavior.
This is how I'm including the files into ModSecurity, in case you're doing it a bit differently to me:
nginx.conf:
And I have My test environment is minimal, so I'm not sure what kind of a config issue it could be. This is my debug log (set to 4) when trying to disable a SecAction. All that stood out to me was this, which, as I understand it, means that rule 2 wasn't disabled.
And this is when I'm disabling a SecRule, where everything is working as expected. If you're still having trouble reproducing, I can try to give you a test environment for you to download where the issue occurs.
Hi @EsadCetiner, thanks again for your detailed report - now I see the problem. In the meantime we chatted about this issue and we are convinced that it works on Apache (mod_security2). I created a regression test file, so anyone can try this issue. I think we should change the behavior of the engine that it should disable Any other opinions are welcome.
Describe the bug
In libmodsecurity3, SecAction can't be disabled via a ctl action like with SecRules. This issue isn't present in ModSecurity2.
Logs and dumps
N/A
To Reproduce
Steps to reproduce the behavior:
apt install nginx-extras libnginx-mod-http-modsecurity
SecRuleEngine directive set to on, but it shouldn't matter what rulesets are used.
Include /etc/nginx/modsecurity/coreruleset/rules/*.conf)
curl 127.0.0.1?exec/bin/bash
Expected behavior
SecActions rules should be disableable via a ctl action, just like SecRules.
Server:
Rule Set:
Additional context
This issue currently affects some CRS plugins such as Nextcloud or WordPress, if you wish to use them in a reverse proxy and want to selectively enable/disable the plugins for certain domains.
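A minimal configuration matching the behaviour described in this report, added here as an illustration and not taken from the reporter's files. The rule ids, the Host match and the ctl:ruleEngine=Off payload are assumptions, chosen so that a successful removal produces the 403 and a failed removal produces the 200 mentioned in the thread.

```apache
# Constructed example. Ids 1 and 2 are hypothetical; the thread only says
# that "rule 2" was not disabled. crs-setup.conf is assumed to be loaded
# before this fragment.
SecRuleEngine On

# Rule 1 is evaluated first in phase 1. For requests to this host it asks
# the engine to drop rule 2 for the current transaction only.
SecRule REQUEST_HEADERS:Host "@streq 127.0.0.1" \
    "id:1,phase:1,pass,nolog,ctl:ruleRemoveById=2"

# Form A: an unconditional SecAction that switches the engine off.
# Reported behaviour on libmodsecurity3: the ctl removal above does not
# apply, the action still runs, and the test request returns 200.
# On ModSecurity2 the removal applies and the request is blocked.
SecAction \
    "id:2,phase:1,pass,nolog,ctl:ruleEngine=Off"

# Form B: the same actions attached to a SecRule that always matches.
# The thread reports that removing a SecRule via ctl works as expected,
# so with this form the engine stays on and CRS answers 403.
# Use it in place of Form A (both carry id 2 and cannot be loaded together).
#SecRule REQUEST_URI "@unconditionalMatch" \
#    "id:2,phase:1,pass,nolog,ctl:ruleEngine=Off"

# Rules that should block the test request (path taken from the report).
Include /etc/nginx/modsecurity/coreruleset/rules/*.conf
```

With either form loaded, the request from the reproduction steps (curl 127.0.0.1?exec/bin/bash) shows which of the two outcomes the engine produces.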