Mod Security IIS 10 is blocking PHP interacation even in DetectionOnly

20 views Asked by user3488573 At 07 March 2024 at 17:13

I've installed Mod_Security on my IIS 10, i followed directions and ok. Rename REquest-900*.conf.example to .conf, create rules etc. If i enable ModSecurity by "SecRuleEngine On" on even if i set it in DetectionMode, all interecation from php pages stop working, for example wordpress login on php form, anything, i can surf but can't have an interaction.

In debug.log i have these errors [06/Mar/2024:07:10:02.227184 +0100] [SERVER/sid#214b7a32ab0][rid#214b7a34ac0][//xmlrpc.php][2] Warning. Match of "eq 0" against "REQBODY_ERROR" required. [file "C:\Program Files\ModSecurity IIS\modsecurity.conf"] [line "64"] [id "200002"] [msg "Failed to parse request body."] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] and in line 64 of modsecurity.conf i have this

id:'200002', phase:2,t:none,log,deny,status:400,msg:'Failed to parse request body.',logdata:'%{reqbody_error_msg}',severity:2

In modsec_audit.log

--df680000-F--
HTTP/1.1 500 Internal Server Error
Connection: close
Date: Wed, 06 Mar 2024 06:10:03 +0000
Content-Type: text/xml; charset=UTF-8
Server: Microsoft-IIS/10.0
X-Robots-Tag: noindex, follow

--df680000-E--
<?xml version="1.0" encoding="UTF-8"?>
<methodResponse>
  <fault>
    <value>
      <struct>
        <member>
          <name>faultCode</name>
          <value><int>-32700</int></value>
        </member>
        <member>
          <name>faultString</name>
          <value><string>parse error. not well formed</string></value>
        </member>
      </struct>
    </value>
  </fault>
</methodResponse>

--df680000-H--
Message: XML parser error: XML: Failed parsing document.
Message: Warning. Match of "eq 0" against "REQBODY_ERROR" required. [file "C:\Program Files\ModSecurity IIS\modsecurity.conf"] [line "64"] [id "200002"] [msg "Failed to parse request body."] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"]
Apache-Handler: IIS
Stopwatch: 1709705402227184 1218771 (- - -)
Stopwatch2: 1709705402227184 1218771; combined=0, p1=0, p2=0, p3=0, p4=0, p5=0, sr=0, sw=0, l=0, gc=0
Response-Body-Transformed: Dechunked
Producer: ModSecurity for IIS (STABLE)/2.9.7 (http://www.modsecurity.org/).
Server: ModSecurity Standalone
Engine-Mode: "DETECTION_ONLY"
--df680000-Z--

I really don't know how to fix it, at this time i have to Turn Off ModSecurity

Original Q&A

TechQA.

Mod Security IIS 10 is blocking PHP interacation even in DetectionOnly

There are 0 answers

Related Questions in PHP

Related Questions in MOD-SECURITY

Popular Questions

Popular Tags

Trending Questions