Matched "Operator `Eq' with parameter `0' against variable `MULTIPART_STRICT_ERROR' (Value: `1' ) [id "200003"] v.3.2

[iniwidi]

Hello I got this error :

ModSecurity: Access denied with code 400 (phase 2). Matched "Operator Eq' with parameter 0' against variable MULTIPART_STRICT_ERROR' (Value: 1' ) [file "/etc/nginx/modsec/conf/example.org/modsecurity.conf"] [line "55"] [id "200003"] [rev ""] [msg "Multipart request body failed strict validation: \\x0aPE 0, \\x0aBQ 0, \\x0aBW 0, \\x0aDB 0, \\x0aDA 0, \\x0aHF 0, \\x0aLF 0, \\x0aSM 0, \\x0aIQ 1, \\x0aIP 0, \\x0aIH 0, \\x0aFL "] [data ""] [severity "0"] [ver ""] [maturity "0"] [accuracy "0"] [hostname "91.183.209.106"] [uri "/fr/file/ajax/field_file/und/0/form-BPyMaZbJLud1YtBBCcoiiN4-_HPwHS_V1NRsvSQBXy0"] [unique_id "155057149094.112484"] [ref "v893,1"]

I'm using Modsecurity with branch v3.2/master

And here is the last git logs

"commit bc3d3f1
Author: Felipe Zimmerle fcosta@trustwave.com
Date: Tue Sep 25 10:18:43 2018 -0300

Adds support to setenv action

Issue #1044"

Need your help, how fix this issue..

[victorhora]

Hi @iniwidi

I'm using Modsecurity with branch v3.2/master

I believe you mean the OWASP CRS rules from v3.2/master. ModSecurity itself is currently heading to 3.0.4 at master..

commit [bc3d3f1]

This is an old commit/version. I would recommend upgrading to 3.0.3 or getting the current code from master (pre-3.0.4).

I got this error :

ModSecurity: Access denied with code 400 (phase 2). Matched "Operator Eq' with parameter 0' against variable MULTIPART_STRICT_ERROR' (Value: `1' ) [file

We had a related issue which was addressed at 3.0.3. See #1747

Please upgrade and if the issue persists, let us known and we can investigate further.

Thanks

[iniwidi]

Hi @victorhora

Thanks for you help man, noted will upgrade to 3.0.3

[iniwidi]

hi @victorhora

For update the Modsecurity to 3.0.3 i'm using :

git pull origin v3/master

my question is, is still need to run ./configure, make && make install again ? or just simply copy modsecurity.conf without re-configure again ?

Thanks.

[victorhora]

hi @victorhora

For update the Modsecurity to 3.0.3 i'm using :

git pull origin v3/master

my question is, is still need to run ./configure, make && make install again ? or just simply copy modsecurity.conf without re-configure again ?

Thanks.

Yes @iniwidi. If you simply pull the code it won't compile and install by itself. You need re-compile and install again.

It's a good idea to "clean" your current compiled code by running a make clean or make maintainer-clean.