Closed
Description
Sample configuration:
root@vagrant:/etc/nginx/modsec# cat main.conf
include /etc/nginx/modsec/modsecurity.conf
# OWASP CRS v3.0.0 rules
include /etc/nginx/modsec/owasp-crs/crs-setup.conf
include /etc/nginx/modsec/owasp-crs/rules/*.conf
SecRuleRemoveById 920350
Output of nginx -t:
root@vagrant:/etc/nginx/modsec# nginx -t
terminate called after throwing an instance of 'std::out_of_range'
what(): basic_string::at: __n (which is 0) >= this->size() (which is 0)
Aborted (core dumped)
Without extra space after SecRuleRemoveById:
root@vagrant:/etc/nginx/modsec# diff -u main.conf.bad main.conf
--- main.conf.bad 2017-06-05 09:42:22.918097883 +0000
+++ main.conf 2017-06-05 09:42:27.654097883 +0000
@@ -4,4 +4,4 @@
include /etc/nginx/modsec/owasp-crs/crs-setup.conf
include /etc/nginx/modsec/owasp-crs/rules/*.conf
-SecRuleRemoveById 920350
+SecRuleRemoveById 920350
root@vagrant:/etc/nginx/modsec# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
Backtrace:
Core was generated by `nginx -t'.
Program terminated with signal SIGABRT, Aborted.
#0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:58
58 ../sysdeps/unix/sysv/linux/raise.c: No such file or directory.
(gdb) bt
#0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:58
#1 0x00007f911ebaa3ea in __GI_abort () at abort.c:89
#2 0x00007f911d61c58d in __gnu_cxx::__verbose_terminate_handler () at ../../../../src/libstdc++-v3/libsupc++/vterminate.cc:95
#3 0x00007f911d61a336 in __cxxabiv1::__terminate (handler=<optimized out>) at ../../../../src/libstdc++-v3/libsupc++/eh_terminate.cc:47
#4 0x00007f911d61a381 in std::terminate () at ../../../../src/libstdc++-v3/libsupc++/eh_terminate.cc:57
#5 0x00007f911d61a5e9 in __cxxabiv1::__cxa_rethrow () at ../../../../src/libstdc++-v3/libsupc++/eh_throw.cc:125
#6 0x00007f911e6246ea in yy::seclang_parser::parse (this=this@entry=0x7fff10acd270) at seclang-parser.cc:4305
#7 0x00007f911e65f680 in modsecurity::Parser::Driver::parse (this=this@entry=0x5559b453e790,
f="include /etc/nginx/modsec/modsecurity.conf\n\n# OWASP CRS v3.0.0 rules\ninclude /etc/nginx/modsec/owasp-crs/crs-setup.conf\ninclude /etc/nginx/modsec/owasp-crs/rules/*.conf\n\nSecRuleRemoveById 920350\n", ref="/etc/nginx/modsec/main.conf") at parser/driver.cc:141
#8 0x00007f911e65fa51 in modsecurity::Parser::Driver::parseFile (this=this@entry=0x5559b453e790, f="/etc/nginx/modsec/main.conf") at parser/driver.cc:172
#9 0x00007f911e6791a4 in modsecurity::Rules::loadFromUri (this=this@entry=0x5559b453e1f0, uri=uri@entry=0x5559b4540a7f "/etc/nginx/modsec/main.conf") at rules.cc:104
#10 0x00007f911e6794c5 in modsecurity::msc_rules_add_file (rules=0x5559b453e1f0, file=file@entry=0x5559b4540a7f "/etc/nginx/modsec/main.conf", error=error@entry=0x7fff10acd6f0)
at rules.cc:301
#11 0x00007f911e96f7ab in ngx_conf_set_rules_file (cf=<optimized out>, cmd=<optimized out>, conf=0x5559b4540800) at ../ModSecurity-nginx/src/ngx_http_modsecurity_module.c:310
#12 0x00005559b3093ff9 in ngx_conf_handler (last=0, cf=0x7fff10ace3d0) at src/core/ngx_conf_file.c:462
#13 ngx_conf_parse (cf=cf@entry=0x7fff10ace3d0, filename=filename@entry=0x0) at src/core/ngx_conf_file.c:318
#14 0x00005559b30b8ee7 in ngx_http_core_location (cf=0x7fff10ace3d0, cmd=<optimized out>, dummy=<optimized out>) at src/http/ngx_http_core_module.c:3206
#15 0x00005559b3093ff9 in ngx_conf_handler (last=1, cf=0x7fff10ace3d0) at src/core/ngx_conf_file.c:462
#16 ngx_conf_parse (cf=cf@entry=0x7fff10ace3d0, filename=filename@entry=0x0) at src/core/ngx_conf_file.c:318
#17 0x00005559b30b7d1e in ngx_http_core_server (cf=0x7fff10ace3d0, cmd=<optimized out>, dummy=<optimized out>) at src/http/ngx_http_core_module.c:2978
#18 0x00005559b3093ff9 in ngx_conf_handler (last=1, cf=0x7fff10ace3d0) at src/core/ngx_conf_file.c:462
#19 ngx_conf_parse (cf=cf@entry=0x7fff10ace3d0, filename=filename@entry=0x0) at src/core/ngx_conf_file.c:318
#20 0x00005559b30b2c5a in ngx_http_block (cf=0x7fff10ace3d0, cmd=<optimized out>, conf=0x5559b44c07a0) at src/http/ngx_http.c:237
#21 0x00005559b3093ff9 in ngx_conf_handler (last=1, cf=0x7fff10ace3d0) at src/core/ngx_conf_file.c:462
#22 ngx_conf_parse (cf=cf@entry=0x7fff10ace3d0, filename=filename@entry=0x5559b44bf990) at src/core/ngx_conf_file.c:318
#23 0x00005559b3091871 in ngx_init_cycle (old_cycle=0x7fff10ace590) at src/core/ngx_cycle.c:277
#24 0x00005559b307f4ac in main (argc=<optimized out>, argv=<optimized out>) at src/core/nginx.c:277
(gdb)
Metadata
Metadata
Assignees
Labels
No labels