Knowledgebase

Portal Home > Knowledgebase > Articles Database > Getting Error while implementing mod_Security rules for antispam event

Getting Error while implementing mod_Security rules for antispam event

Posted by prashantjadhav, 07-01-2013, 08:25 AM

Hello, We are trying to implement below mentioned rules for mod_security aaplication and getting error as " Syntax error on line 170 of /usr/local/apache/conf/modsec2.user.conf: ModSecurity: No action id present within the rule " where line number 170 is SecRule REQUEST_BODY "bcc:|cc:|bcc%3A|cc%3A" t:lowercase,chain. SecRule REQUEST_BODY "bcc:|cc:|bcc%3A|cc%3A" t:lowercase,chain SecRule REQUEST_BODY "[A-Za-z0-9._%-]+@[A-Za-z0-9._%-]+\.[A-Za-z]{2,4}\,\x20[A-Za-z0-9._%-]+@[A-Za-z0-9._%-]+\.[A-Za-z]{2,4}" SecRule REQUEST_BODY "bcc:|cc:|bcc%3A|cc%3A" t:lowercase,chain SecRule REQUEST_BODY "[A-Za-z0-9._%-]+@[A-Za-z0-9._%-]+\.[A-Za-z]{2,4}\,[A-Za-z0-9._%-]+@[A-Za-z0-9._%-]+\.[A-Za-z]{2,4}" SecRule REQUEST_BODY "bcc:|cc:|bcc%3A|cc%3A" t:lowercase,chain SecRule REQUEST_BODY "[A-Za-z0-9._%-]+%10[A-Za-z0-9._%-]+\.[A-Za-z]{2,4}\,\x20[A-Za-z0-9._%-]+%10[A-Za-z0-9._%-]+\.[A-Za-z]{2,4}" SecRule REQUEST_BODY "bcc:|cc:|bcc%3A|cc%3A" t:lowercase,chain SecRule REQUEST_BODY "[A-Za-z0-9._%-]+%10[A-Za-z0-9._%-]+\.[A-Za-z]{2,4}\,[A-Za-z0-9._%-]+%10[A-Za-z0-9._%-]+\.[A-Za-z]{2,4}" SecRule REQUEST_URI "dm.cgi" SecRule REQUEST_BODY|REQUEST_URI "\.cgi\?m\=state" SecRule REQUEST_BODY|REQUEST_URI "cgi\?m\=snd" SecRule REQUEST_BODY|REQUEST_URI "cgi\?m\=icfg" Regards, Prashant

---

Posted by serveric, 07-01-2013, 12:29 PM

a modsecurity rule need a 1. SecRule 2. SecAction and the SecAction part need a Unique rule ID , please check these in your configuration file

---

Posted by prashantjadhav, 07-02-2013, 06:36 AM

Hello, Thank you for your previous update but how we will come to know the which Unique ID need to be used for SecAction part. Cause i try using unique id as 1, 66006 and 30000 but it didn't work and got an error as Syntax error on line 170 of /usr/local/apache/conf/modsec2.user.conf: Error parsing actions: Unknown action: id=1 Regards, Prashant

---

Posted by bune, 07-02-2013, 04:50 PM

The ruls added are for old mod _security New mod_security has newer rules which need a unique identifier ID

---

Posted by prashantjadhav, 07-03-2013, 06:32 AM

Hello, Thanks for your update. As per your reply, New mod_security has newer rules which need a unique identifier ID. Do you know how to set the newer rules using unique identifier ID. Regards, Prashant

---

Posted by prashantjadhav, 07-16-2013, 04:12 AM

Hello, I got the resolution of my query from forums.cpanel.net. They appended the id in respective rules SecRule REQUEST_BODY "bcc:|cc:|bcc%3A|cc%3A" "t:lowercase,chain,id:99001" SecRule REQUEST_BODY "[A-Za-z0-9._%-]+@[A-Za-z0-9._%-]+\.[A-Za-z]{2,4}\,\x20[A-Za-z0-9._%-]+@[A-Za-z0-9._%-]+\.[A-Za-z]{2,4}" SecRule REQUEST_BODY "bcc:|cc:|bcc%3A|cc%3A" "t:lowercase,chain,id:99002" SecRule REQUEST_BODY "[A-Za-z0-9._%-]+@[A-Za-z0-9._%-]+\.[A-Za-z]{2,4}\,[A-Za-z0-9._%-]+@[A-Za-z0-9._%-]+\.[A-Za-z]{2,4}" SecRule REQUEST_BODY "bcc:|cc:|bcc%3A|cc%3A" "t:lowercase,chain,id:99003" SecRule REQUEST_BODY "[A-Za-z0-9._%-]+%10[A-Za-z0-9._%-]+\.[A-Za-z]{2,4}\,\x20[A-Za-z0-9._%-]+%10[A-Za-z0-9._%-]+\.[A-Za-z]{2,4}" SecRule REQUEST_BODY "bcc:|cc:|bcc%3A|cc%3A" "t:lowercase,chain,id:99004" SecRule REQUEST_BODY "[A-Za-z0-9._%-]+%10[A-Za-z0-9._%-]+\.[A-Za-z]{2,4}\,[A-Za-z0-9._%-]+%10[A-Za-z0-9._%-]+\.[A-Za-z]{2,4}" SecRule REQUEST_URI "dm.cgi" "id:99005" SecRule REQUEST_BODY|REQUEST_URI "\.cgi\?m\=state" "id:99006" SecRule REQUEST_BODY|REQUEST_URI "cgi\?m\=snd" "id:99007" SecRule REQUEST_BODY|REQUEST_URI "cgi\?m\=icfg" "id:99008" Thanks to everyone who commented on this thread. Regards, Prashant

---

Add to Favourites    Print this Article

Tracking down load issue (Views: 720)

More information needed about a Web Hosting (Views: 708)

Email Hosting (Views: 780)

Install SSL on directadmin (Views: 1296)

Recommend me someone’s budget reseller plan (Views: 718)