[Modsecurity] ErrorDocument problem with 2.1.3

[Brian Rectanus]

Hi,

This list is for the ruleset for gotroot.com and you are using the
Core Ruleset.  Please use the mod-security-users at lists.sourceforge.net
list for CoreRuleset and other general ModSecurity questions.  I will
take this over there and reply on that list.

thanks,
-B

On Nov 14, 2007 9:47 AM, E. M. Recio <erecio at polywog.org> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> I noticed that if I put this:
>
> SecRule REQUEST_URI attack
>
> In the second line of my main configuration file
> (modsecurity_crs_10_config.conf) - right after "SecRuleEngine on" the
> modified error page comes up as expected.
>
> However, if I put the same line /after/ all the lines in that file, I
> get two "Internal Server Error" messages, plus an embedded internal
> server error message "Additionally, a 500 Internal Server Error error
> was encountered while trying to use an ErrorDocument to handle the request."
>
> It seems like the culprit is:
>
> SecDefaultAction "phase:2,log,deny,status:500"
>
> If I put that sample rule BEFORE the above line, ErrorDocument is OK. If
> I put it AFTER that line, ErrorDocument breaks.
>
> What would be the correct setting to make sure that the custom error
> messages appear correctly? And more importantly, why would the above
> default action break it?
>
> I am just trying to wrap my head around these rules, and tweaking is
> driving me nuts, so sorry if I am asking a dumb question.
>
> - --
> Thanks,
> E. Recio
>
> MAC user's dynamic debugging list evaluator?  Never heard of that.
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.7 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iD8DBQFHOzSWKoXvoXXmAZ0RAj2aAJ9X2OCC2jhQak6AqNuRB+1UUT7LdwCfUVUN
> cIytbLhn7kCv0qe/g0sLi4A=
> =9qc/
> -----END PGP SIGNATURE-----
> _______________________________________________
> Modsecurity mailing list
> Modsecurity at gotroot.com
> http://lists.gotroot.com/mailman/listinfo/modsecurity
>