@pmf operator on libModSecurity3 is not ignoring "#" on an otherwise empty line as it should #1948

Closed
dune73 opened this issue Nov 5, 2018 · 2 comments
@dune73
Member

dune73 commented Nov 5, 2018

The CRS rule 913100 is based on scanners-user-agents.data and this file contains lines with only a #. A user-agent with a # leads to a false positive.

Logs and dumps

See SpiderLabs/owasp-modsecurity-crs#1215

Notice: Be careful not to leak any confidential information.

To Reproduce

Steps to reproduce the behavior:

curl -v localhost -H "User-Agent: Sogou Pic Spider/3.0(+http://www.sogou.com/docs/help/webmasters.htm#07)"

Expected behavior

All lines starting with # are being ignored like with ModSec 2.x.
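
Added example, not part of the original issue and not libModSecurity code: a small model of a phrase-file loader that shows why a lone `#` reaching the matcher flags the User-Agent from the reproduction step. The sample data, the function names and the plain substring matcher are assumptions made for illustration.

```python
# Added illustration; not libModSecurity code. Plain substring search stands in
# for the engine's multi-pattern matcher.

# Constructed sample in the style of a phrase file (not the real CRS data file).
SAMPLE_DATA = """\
# Vulnerability scanners
#
examplescanner
#
# Another group
probe-tool/1.0
"""

# User-Agent taken from the reproduction step in the issue.
USER_AGENT = "Sogou Pic Spider/3.0(+http://www.sogou.com/docs/help/webmasters.htm#07)"


def load_phrases(text, ignore_lone_hash=True):
    """Return the phrases a loader would hand to the matcher.

    ignore_lone_hash=True  -> expected: every line starting with '#' is skipped.
    ignore_lone_hash=False -> reported: a line holding only '#' becomes a phrase.
    """
    phrases = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue  # blank lines never become phrases
        if line.startswith("#") and (ignore_lone_hash or line != "#"):
            continue  # comment line
        phrases.append(line.lower())
    return phrases


def pm_match(phrases, value):
    """Case-insensitive phrase match; returns the first phrase found or None."""
    haystack = value.lower()
    return next((p for p in phrases if p in haystack), None)


def lone_hash_lines(text):
    """1-based numbers of lines that hold only '#', for auditing a data file."""
    return [n for n, raw in enumerate(text.splitlines(), 1) if raw.strip() == "#"]
```

`lone_hash_lines` can be pointed at a data file to list the lines that would turn into a one-character phrase on an engine showing the reported behaviour.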

@victorhora victorhora self-assigned this Nov 6, 2018
@victorhora victorhora added 3.x Related to ModSecurity version 3.x duplicate Ops. Somebody else already hit that bump labels Nov 6, 2018
@victorhora
Contributor

Hi @dune73

Thanks for the report. It seems like this is a duplicate of #1645. Do you mind sharing your findings there so we can better keep track of the issues?

Thanks.

@dune73
Member Author

dune73 commented Nov 6, 2018

Don't mind at all. Thanks for the pointer.
