How to disable ModSecurity: collection_store write to DBM file

浪尽此生 提交于 2019-12-25 12:41:13

问题


Receiving this ModSecurity error:

ModSecurity: collection_store: Failed to write to DBM file 
"/tmp/default_SESSION": Invalid argument  

There is not a Rule ID associated with this error. I know I can disable by rule id using
SecRuleRemoveById xxxxxx

How can I disable writing to DBM file and/or locating the rules that are specifically causing this error?


回答1:


Collections are initialised by rules 900020 and 900021 in the OWASP CRS in the modsecurity_crs_10_setup.conf file. They are primarily used for the experimental DoS and Brute Force rules so if you are not using these collections then you can disable those rules.

However not sure that the OWASP Rules use a default_SESSION collection so have a look through all your rules for any initcol commands in case some other rules are using collections.

To be honest I'm not a big fan of how ModSecurity handles persistent collection data in shared files like this as it often leads to error messages, and an ever increasing file. I think these rules should therefore be turned off by default in OWASP CRS. Especially as they aren't used except if you enable experimental rules. More background on the ModSecurity email list here: http://sourceforge.net/p/mod-security/mailman/message/34393121/



来源:https://stackoverflow.com/questions/32744536/how-to-disable-modsecurity-collection-store-write-to-dbm-file

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!