Bug 719487 - Changing SecDefaultAction causes outbound rule error
Status: CLOSED ERRATA
Alias: None
Product: Fedora EPEL
Classification: Fedora
Component: mod_security
Version: el5
Hardware: All
OS: Linux
Priority: unspecified
Severity: medium
Target Milestone: ---
Assignee: Othman Madjoudj
QA Contact: Fedora Extras Quality Assurance
Reported: 2011-07-07 02:04 UTC by Matt Edlefsen
Modified: 2013-03-30 16:23 UTC (History)

Doc Type: Bug Fix
Last Closed: 2013-03-30 16:23:42 UTC
Type: ---



Description Matt Edlefsen 2011-07-07 02:04:02 UTC
Description of problem:

If SecDefaultAction is changed to a disruptive action like "deny", most requests will be denied.

Here is the upstream bug report.

https://www.modsecurity.org/tracker/browse/CORERULES-36

Version-Release number of selected component (if applicable):

mod_security-2.5.12-3.el5

Looks like it may also be in the latest el6 version as well.

How reproducible:

Very

Steps to Reproduce:
1. Change SecDefaultAction in modsecurity_crs_10_config.conf to "phase:2,log,deny"
2. Restart Apache
3. Try to view an image on the web server (or most any other binary)
  
Actual results:

Will get 403 HTTP error

Expected results:

Will get the requested file

Additional info:

The fix is just to add "pass" to the rule in question.
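
A small linter for the condition described in this report, added here as an example and not part of the bug report or of the mod_security packages: it lists rules that name no disruptive action and would therefore pick up a blocking one from SecDefaultAction. The sample rules and `tx.skip_body` are constructed, and the check assumes the default applies to every later rule regardless of phase.

```python
import re
import shlex

# Actions that decide the fate of the transaction. A rule naming none of them
# takes the disruptive action of the preceding SecDefaultAction.
DISRUPTIVE = {"allow", "block", "deny", "drop", "pass", "proxy", "redirect"}
BLOCKING = {"deny", "drop", "proxy", "redirect"}  # defaults worth flagging

def action_names(actions):
    """Split an action list on commas outside single quotes; return the names."""
    parts = re.findall(r"(?:[^,']|'(?:[^'\\]|\\.)*')+", actions)
    return [p.strip().split(":", 1)[0].lower() for p in parts if p.strip()]

def inherited_blocks(conf_text):
    """Return (default_action, rule_text) for rules inheriting a blocking default."""
    findings, default, in_chain = [], None, False
    # Join Apache backslash continuations, then walk the directives in order.
    for line in re.sub(r"\\\n\s*", " ", conf_text).splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        tok = shlex.split(line)
        directive = tok[0].lower()
        if directive == "secdefaultaction" and len(tok) > 1:
            found = [a for a in action_names(tok[1]) if a in DISRUPTIVE]
            default = found[0] if found else None
        elif directive in ("secrule", "secaction"):
            idx = 3 if directive == "secrule" else 1
            names = action_names(tok[idx]) if len(tok) > idx else []
            # Only the first rule of a chain carries the disruptive action.
            if not in_chain and default in BLOCKING and not DISRUPTIVE & set(names):
                findings.append((default, line))
            in_chain = "chain" in names
    return findings

# Constructed sample, not taken from the CRS: the second rule only sets a
# variable for non-text responses, yet inherits "deny" from the changed default.
SAMPLE = r'''
SecDefaultAction "phase:2,log,deny"
SecRule REQUEST_HEADERS:User-Agent "@contains badbot" "phase:2,deny,msg:'bot, blocked'"
SecRule RESPONSE_HEADERS:Content-Type "!^text/" \
    "phase:3,t:none,nolog,setvar:tx.skip_body=1"
SecRule RESPONSE_HEADERS:Content-Type "!^text/" "phase:3,t:none,nolog,pass,setvar:tx.skip_body=1"
'''

if __name__ == "__main__":
    for default, rule in inherited_blocks(SAMPLE):
        print(f"no disruptive action, inherits '{default}': {rule}")
```

Only the second sample rule is reported; the third is the same rule with "pass" added, which is the fix the report proposes.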

Comment 1 Othman Madjoudj 2012-09-08 22:31:20 UTC
Can you check if this issue is still reproducible with the latest mod_security and mod_security_crs from epel-testing?

