Configserver Modsec Control disable rule failure

Post Reply
nNhJoQF
Junior Member
Posts: 2
Joined: 15 Oct 2013, 06:59

Configserver Modsec Control disable rule failure

Post by nNhJoQF »

I have come across a significant number of forum posts where users stated that Configserver Modsec Control disable rule sometimes fails.

While trying to reproduce the issue I think I have stumbled onto the main cause of these problems.
I could reproduce the issue if I double click selected a rule ID then pasted it into CMC disable rule field.
Windows was selecting a trailing space which was then being pasted into the ID field (unseen by tired eyes).
On clicking the save button Apache restarts, but no SecRuleRemoveById line is written to modsec2.whitelist.conf or the other locations it should be written to.
It effectively fails silently.

This could be eliminated with sanitization (stripping white-space) on save action or error message to avoid silent failure.

This is more of a feature request than a bug report, but I thought I'd let you know.
yorodriguez
Junior Member
Posts: 18
Joined: 04 Jan 2017, 09:29

Re: Configserver Modsec Control disable rule failure

Post by yorodriguez »

In my case I had no extra white-spaces and was not working because of rules using <locationmatch>.. In this post I explain the issue and the workaround: viewtopic.php?f=31&t=10108&p=28474#p28474
Post Reply