[Modsecurity] ErrorDocument problem with 2.1.3
E. M. Recio
erecio at polywog.org
Wed Nov 14 12:47:02 EST 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I noticed that if I put this:
SecRule REQUEST_URI attack
In the second line of my main configuration file
(modsecurity_crs_10_config.conf) - right after "SecRuleEngine on" the
modified error page comes up as expected.
However, if I put the same line /after/ all the lines in that file, I
get two "Internal Server Error" messages, plus an embedded internal
server error message "Additionally, a 500 Internal Server Error error
was encountered while trying to use an ErrorDocument to handle the request."
It seems like the culprit is:
SecDefaultAction "phase:2,log,deny,status:500"
If I put that sample rule BEFORE the above line, ErrorDocument is OK. If
I put it AFTER that line, ErrorDocument breaks.
What would be the correct setting to make sure that the custom error
messages appear correctly? And more importantly, why would the above
default action break it?
I am just trying to wrap my head around these rules, and tweaking is
driving me nuts, so sorry if I am asking a dumb question.
- --
Thanks,
E. Recio
MAC user's dynamic debugging list evaluator? Never heard of that.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFHOzSWKoXvoXXmAZ0RAj2aAJ9X2OCC2jhQak6AqNuRB+1UUT7LdwCfUVUN
cIytbLhn7kCv0qe/g0sLi4A=
=9qc/
-----END PGP SIGNATURE-----
More information about the Modsecurity
mailing list