Bug 962995 - custom rules not working
Product: Fedora EPEL
Classification: Fedora
Component: mod_security
Assigned To: Athmane Madjoudj
Fedora Extras Quality Assurance
Reported: 2013-05-14 18:56 EDT by Nerijus Baliūnas
Modified: 2014-07-08 11:33 EDT
Doc Type: Bug Fix
Last Closed: 2014-07-08 11:33:29 EDT
Type: Bug
Description Nerijus Baliūnas 2013-05-14 18:56:46 EDT
/etc/httpd/conf.d/mod_security.conf has (near the top):
        # ModSecurity Core Rules Set configuration
        Include modsecurity.d/*.conf
        Include modsecurity.d/activated_rules/*.conf

I have /etc/httpd/modsecurity.d/modsecurity_localrules.conf which disables some rules for some URLs by using SecRuleRemoveById. But it does not work anymore, because, according to https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#wiki-SecRuleRemoveById :

Note : This directive must be specified after the rule in which it is disabling. This should be used within local custom rule files that are processed after third party rule sets. Example file - modsecurity_crs_60_customrules.conf.

If I change /etc/httpd/conf.d/mod_security.conf to
        Include modsecurity.d/activated_rules/*.conf
        Include modsecurity.d/*.conf

then it starts to work. Should I rename my modsecurity_localrules.conf file to activated_rules/modsecurity_crs_60_customrules.conf as the Note above suggests or could the Include ordering be changed in the package?
Comment 1 Athmane Madjoudj 2013-05-15 00:27:31 EDT
That file is for custom rules; for disabling rules, you can choose a file name that makes sure it will be processed after the rule definitions, e.g.:

Comment 2 Nerijus Baliūnas 2013-07-16 08:35:26 EDT
What about the rules which I have in /etc/httpd/conf.d/virtualhost.conf? For example, now it looks like this:

NameVirtualHost *:80

<VirtualHost *:80>
    ServerName www.example.lt
    DocumentRoot "/var/www/html"
    <Location /files>
        <IfModule mod_security2.c>
            SecRuleRemoveById 970013
            SecRuleRemoveById 981231
        </IfModule>
    </Location>
</VirtualHost>

These rules do not work either. Is it possible to somehow still have them in virtualhost.conf?
Comment 3 Athmane Madjoudj 2013-07-23 16:33:48 EDT
SecRuleRemoveById should work in a vhost definition; just make sure that your configuration file is evaluated by Apache after the mod_security / CRS config.
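
The ordering problem discussed in this bug, as an added example (not part of the original report or of the mod_security package): a Python check that expands Include directives in the order Apache reads them, with wildcard matches sorted alphabetically, and reports every SecRuleRemoveById that is read before the rule it names has been defined. The function names, the file constructed_rules.conf and the rule body are constructed for illustration, and only plain numeric IDs are handled (no ranges or quoted IDs).

```python
import glob, os, re, tempfile
# Directives that matter for ordering; ID ranges and quoted IDs are not handled.
DIRECTIVE = re.compile(r"^\s*(Include(?:Optional)?|SecRuleRemoveById)\s+(.+?)\s*$", re.I)
RULE_ID = re.compile(r"\bid:'?(\d+)")

def walk(path, server_root, events):
    """Record ('define'|'remove', rule_id, file) in the order the files are read."""
    with open(path) as fh:
        for line in fh:
            if line.lstrip().startswith("#"):
                continue
            m = DIRECTIVE.match(line)
            if m and m.group(1).lower().startswith("include"):
                pattern = os.path.join(server_root, m.group(2).strip('"'))
                for child in sorted(glob.glob(pattern)):  # wildcard matches: alphabetical
                    walk(child, server_root, events)
            elif m:
                events += [("remove", t, path) for t in m.group(2).split() if t.isdigit()]
            else:
                events += [("define", rid, path) for rid in RULE_ID.findall(line)]
    return events

def early_removals(entry, server_root):
    """Return (rule_id, file) for each removal read before the rule's definition."""
    seen, early = set(), []
    for kind, rid, path in walk(entry, server_root, []):
        if kind == "define":
            seen.add(rid)
        elif rid not in seen:
            early.append((rid, os.path.relpath(path, server_root)))
    return early

def demo(includes):
    """Build a constructed config tree (placeholder rule text) and check its Include order."""
    files = {
        "conf.d/mod_security.conf": "".join("Include %s\n" % i for i in includes),
        "modsecurity.d/modsecurity_localrules.conf": "SecRuleRemoveById 970013\n",
        "modsecurity.d/activated_rules/constructed_rules.conf":
            "SecRule RESPONSE_STATUS \"^5\" \"phase:4,id:'970013',pass\"\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, text in files.items():
            os.makedirs(os.path.dirname(os.path.join(root, rel)), exist_ok=True)
            with open(os.path.join(root, rel), "w") as fh:
                fh.write(text)
        return early_removals(os.path.join(root, "conf.d/mod_security.conf"), root)

PACKAGED = ["modsecurity.d/*.conf", "modsecurity.d/activated_rules/*.conf"]
SWAPPED = PACKAGED[::-1]
```

Calling demo(PACKAGED) flags the removal of 970013 in modsecurity.d/modsecurity_localrules.conf, while demo(SWAPPED) returns an empty list; on a real host, early_removals can be pointed at the main configuration file with the ServerRoot as second argument.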
