Mod_security rules setup error

Question

Ich versuche die von OWASP bereitgestellte Standardeinstellung zu implementieren. -Link: https://www.modsecurity.org/CRS/Documentation/quickstart.html

Wenn Apache Neustart Ich eror bekommen

Syntax error on line 45 of /etc/modsecurity/rules/REQUEST-910-IP-REPUTATION.conf: Internal Error: Failed to add rule to the ruleset. Action 'configtest' failed. The Apache error log may have more information. ...fail! The code for the relevant section is

SecRule TX:DO_REPUT_BLOCK "@eq 1" \ 
"msg:'Request from Known Malicious Client (Based on previous traffic violations).',\ 
    logdata:'Previous Block Reason: %{ip.reput_block_reason}',\ 
    severity:'CRITICAL',\ 
    id:910000,\ 
    phase:request,\ 
    block,\ 
    t:none,\ 
    tag:'application-multi',\ 
    tag:'language-multi',\ 
    tag:'platform-multi',\ 
    tag:'attack-reputation-ip',\ 
    tag:'IP_REPUTATION/MALICIOUS_CLIENT',\ 
    setvar:'tx.msg=%{rule.msg}',\ 
    skipAfter:BEGIN_REQUEST_BLOCKING_EVAL,\ 
    chain" 
    SecRule IP:REPUT_BLOCK_FLAG "@eq 1" \ 
    "setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},\ 
    setvar:tx.%{rule.id}-AUTOMATION/MALICIOUS-%{matched_var_name}=%{matched_var}" 

während die Leitung 45 in den Fehler zu chain" verweist Ich habe keine Ahnung über die Syntax dieser Regeln.

Answer 1

Sie sind vielleicht durch die Apache bug 55910

Handling of line wrapping is broken if "\" is the last character before buffer resizing.

[...]

This issue is also affecting ModSecurity.

Upgrade auf Apache 2.4.11 lösen das Problem nicht betroffen.