Bug 719487

Summary: Changing SecDefaultAction causes outbound rule error
Product: [Fedora] Fedora EPEL
Component: mod_security
Version: el5
Hardware: All
OS: Linux
Status: CLOSED ERRATA
Severity: medium
Priority: unspecified
Reporter: Matt Edlefsen <matt>
Assignee: Othman Madjoudj <athmanem>
QA Contact: Fedora Extras Quality Assurance <extras-qa>
CC: athmanem, mfleming+rpm, mishu
Doc Type: Bug Fix
Last Closed: 2013-03-30 16:23:42 UTC

Description Matt Edlefsen 2011-07-07 02:04:02 UTC
Description of problem:

If SecDefaultAction is changed to a disruptive action like "deny", most requests will be denied.

Here is the upstream bug report.

https://www.modsecurity.org/tracker/browse/CORERULES-36

Version-Release number of selected component (if applicable):

mod_security-2.5.12-3.el5

Looks like it may also be in the latest el6 version as well.

How reproducible:

Very

Steps to Reproduce:
1. Change SecDefaultAction in modsecurity_crs_10_config.conf to "phase:2,log,deny"
2. Restart Apache
3. Try to view an image on the web server (or most any other binary)
  
Actual results:

Will get 403 HTTP error

Expected results:

Will get the requested file

Additional info:

The fix is just to add "pass" to the rule in question.

Comment 1 Othman Madjoudj 2012-09-08 22:31:20 UTC
Can you check if this issue is still reproducible with the latest mod_security and mod_security_crs from epel-testing?