Skip to content
This repository was archived by the owner on May 14, 2020. It is now read-only.

Removal of platform dependent 920110 #394

Closed
csanders-git opened this issue Jul 8, 2016 · 3 comments
Closed

Removal of platform dependent 920110 #394

csanders-git opened this issue Jul 8, 2016 · 3 comments

Comments

@csanders-git
Copy link
Contributor

The following rule just propagates up a warning from the Apache log. This functionality does not work in other web servers (Nginx and IIS) and is not going to be supported in 3.x (see owasp-modsecurity/ModSecurity#1028). I think it makes some sense to remove this rule.

SecRule WEBSERVER_ERROR_LOG "@contains Invalid URI in request"
"msg:'Apache Error: Invalid URI in Request.',
severity:'WARNING',
id:920110,
...
@zimmerle
Copy link
Contributor

zimmerle commented Jul 8, 2016

I would agree with @csanders-git. Having a rule that is just workable on a single environment is very confuse, specially because it is not clear that it is currently only available in Apache.

ModSec' reference manual about this variable:
https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#WEBSERVER_ERROR_LOG

Worth to mention that this variable is is only filled during the logging phase.

@csanders-git csanders-git mentioned this issue Jul 10, 2016
Merged
@dune73
Copy link
Contributor

dune73 commented Jul 11, 2016

Agree with your conclusions.

@fgsch
Copy link
Contributor

fgsch commented Mar 8, 2019

This is done. Closing.

@fgsch fgsch closed this as completed Mar 8, 2019
@CRS-migration-bot CRS-migration-bot mentioned this issue May 13, 2020
Closed
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@fgsch @zimmerle @dune73 @csanders-git