IIS 10 - collections_remove_stale #1878

Closed
dmarlow opened this issue Aug 22, 2018 · 2 comments
Labels: 2.x: Related to ModSecurity version 2.x; RIP - Type - Usage: Related with usage (not a bug)

dmarlow commented Aug 22, 2018

ModSecurity: collections_remove_stale: Failed to access DBM file "C:/inetpub/temp/global": The system cannot find the path specified.
Also getting the same error for this path: C:/inetpub/temp/ip

The directory does exist. Here is the config:

SecTmpDir c:\inetpub\temp\
SecDataDir c:\inetpub\temp\

Should I be disabling a particular set of rules if it's not supposed to work on IIS?

victorhora self-assigned this Aug 22, 2018
victorhora added the labels 2.x (Related to ModSecurity version 2.x) and RIP - Type - Usage (Related with usage, not a bug) Aug 22, 2018

victorhora (Contributor) commented

@dmarlow Make sure that the user running IIS/ModSecurity has RWX permission for that folder as the error message suggests that the file was not created.

If you are sure this is the case, you might be facing an issue related to #576. So you may want to rebuild your ModSecurity with the flag --enable-collection-global-lock. More about this flag here.

Alternatively, you may want to rebuild with --enable-collection-delete-problem-logging=no which doesn't "solve" the issue, but at least it doesn't pollute your logs with these entries.

> Should I be disabling a particular set of rules if it's not supposed to work on IIS?

Please see SecTmpDir and SecDataDir for more information about these directives.


grzech1983 commented Sep 10, 2019

Hello,

is there any chance to investigate this issue? I'm trying to use ModSecurity in a shared hosting scenario as a hoster. All websites are being run with a separate user in the system for security reasons. They all inherit permissions from one user group (IIS_IUSRS). Whatever I do, I just can't provide permissions for SecDataDir. I even tried to add the Everyone permission for all operations on the dir which I'm trying to use. An interesting fact is that when I'm monitoring this path using the Windows ProcessMonitor app, this dir is not even being mentioned in operations (this app shows all operations on various system elements).
I just wanted to create some simple system-wide rule for blocking wp-login.php or similar requests for clients' websites after X retries because it sometimes causes high CPU usage.

Error entry:

[client SOMEIPADDRESS] ModSecurity: collection_retrieve_ex: Unable to retrieve collection (name "global", key "global"). Use SecDataDir to define data directory first. [hostname "........."] [uri "/w........."] [unique_id "17582052951696867351"]

@dmarlow have you solved this issue? I'm using the latest MS 2.9.3

EDIT: So I've done some more checking and it looks like if w3wp.exe has no access to the root (I have website files in D:\SomeDir\Some\User\Website) directory of a path from SecDataDir (so D:), it is not checking further and returns an error with permissions (but a dir like D:\modsec used in the SecDataDir configuration is fully writeable). Adding special permissions to the root dir:

  • List Folder / read data
  • Read attributes
  • Read extended attributes

fixes this problem and allows the debug log and SecDataDir to be written into D:\modsec. IMHO this could be marked as a bug. Maybe this will be fixed in 2.9.4, but there are no nightlies or source accessible so I can't confirm.
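
A way to check the condition described in the comment above, as an added example that is not part of the original thread or of ModSecurity: it walks from the drive root down to the SecDataDir folder and reports whether an identity holds the three listed rights on each level. The path `D:\modsec` comes from the comment; the identity `BUILTIN\IIS_IUSRS` is an assumption, and the check is simplified (it reads explicit Allow entries only and ignores Deny entries and nested group membership).

```powershell
# Added example: audit each ancestor of SecDataDir for the three rights
# named in the comment. Path and identity defaults are assumptions.
param(
    [string]$DataDir = 'D:\modsec',                   # SecDataDir value from the comment
    [string[]]$Identities = @('BUILTIN\IIS_IUSRS')    # assumed worker-process group
)

# List folder / read data, Read attributes, Read extended attributes.
$needed = [int][System.Security.AccessControl.FileSystemRights]'ListDirectory, ReadAttributes, ReadExtendedAttributes'
$inheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly

function Get-AncestorPaths([string]$Path) {
    # Returns the drive root first, then each folder down to $Path.
    $item = [System.IO.DirectoryInfo]$Path
    $chain = @()
    while ($item) {
        $chain = @($item.FullName) + $chain
        $item = $item.Parent
    }
    return $chain
}

function Test-TraverseRights([string]$Path) {
    # Simplified: ORs together Allow ACEs that apply to this folder itself.
    $granted = 0
    foreach ($ace in (Get-Acl -LiteralPath $Path).Access) {
        $appliesHere = -not ($ace.PropagationFlags -band $inheritOnly)
        if ($appliesHere -and $ace.AccessControlType -eq 'Allow' -and
            $Identities -contains $ace.IdentityReference.Value) {
            $granted = $granted -bor [int]$ace.FileSystemRights
        }
    }
    return (($granted -band $needed) -eq $needed)
}

foreach ($p in (Get-AncestorPaths $DataDir)) {
    [pscustomobject]@{ Path = $p; HasListedRights = (Test-TraverseRights $p) }
}

# If the root reports False, the narrow grant is those three rights on the
# root only (no (OI)/(CI) inheritance flags), rather than Everyone / full control:
#   icacls D:\ /grant "IIS_IUSRS:(RD,RA,REA)"
```

Keeping the grant on the root to read-only, non-inherited rights preserves the per-site user isolation described in the comment, while write access stays limited to the SecDataDir folder itself.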
