mod-security causes segmentation fault

Question

I was trying to remove a rule (numeric ip in host header) for machines on my local network:

SecRule REMOTE_ADDR "@ipMatch 192.168.178.0/24" \ 
"id:5,phase:1,t:none,nolog,pass,ctl:ruleRemoveTargetById=981203"

The rule is defined here: [file "/etc/apache2/crs/owasp-modsecurity-crs/activated_rules/modsecurity_crs_60_correlation.conf"] [line "33"]

After setting this rule every request caused a segfault: [Wed Oct 07 19:37:03.187960 2015] [core:notice] [pid 28950] AH00052: child pid 28983 exit signal Segmentation fault (11)

score 4 · Accepted Answer · answered Oct 07 '15 at 22:08

4

You have specified:

ctl:ruleRemoveTargetById=981203

But not specified a target. I'm guessing you meant:

ctl:ruleRemoveById=981203

?

Shouldn't cause a segfault ideally of course but it's still wrong.

answered Oct 07 '15 at 22:08

Barry Pollard

40,655
7
76
92

Actually, this was causing a segmentation fault in my configuration. I was trying to exclude an specific file extension from a Core Rule Set rule but no specifying target via ARGS parameter as the CRS example shows. It was fixed for me by using ctl:ruleRemoveById. Thanks! – Javier Pallarés Aug 24 '19 at 18:52

mod-security causes segmentation fault

1 Answers1