如何禁用 ModSecurity:collection_store 写入 DBM 文件 [英] How to disable ModSecurity: collection_store write to DBM file

问题描述

收到此 ModSecurity 错误:

Receiving this ModSecurity error:

ModSecurity: collection_store: Failed to write to DBM file 
"/tmp/default_SESSION": Invalid argument  

没有与此错误相关的规则 ID.我知道我可以使用
通过规则 ID 禁用SecRuleRemoveById xxxxxx

There is not a Rule ID associated with this error. I know I can disable by rule id using
SecRuleRemoveById xxxxxx

如何禁用写入 DBM 文件和/或定位导致此错误的具体规则?

How can I disable writing to DBM file and/or locating the rules that are specifically causing this error?

推荐答案

集合由 modsecurity_crs_10_setup.conf 文件中的 OWASP CRS 中的规则 900020 和 900021 初始化.它们主要用于实验性 DoS 和蛮力规则，因此如果您不使用这些集合，则可以禁用这些规则.

Collections are initialised by rules 900020 and 900021 in the OWASP CRS in the modsecurity_crs_10_setup.conf file. They are primarily used for the experimental DoS and Brute Force rules so if you are not using these collections then you can disable those rules.

但是不确定 OWASP 规则是否使用 default_SESSION 集合，因此请查看所有 initcol 命令的规则，以防其他规则使用集合.

However not sure that the OWASP Rules use a default_SESSION collection so have a look through all your rules for any initcol commands in case some other rules are using collections.

老实说，我不太喜欢 ModSecurity 如何处理像这样的共享文件中的持久收集数据，因为它经常导致错误消息和不断增加的文件.因此，我认为这些规则应该在 OWASP CRS 中默认关闭.特别是因为除非您启用实验规则，否则不会使用它们.有关 ModSecurity 电子邮件列表的更多背景信息，请访问:http://sourceforge.net/p/mod-security/mailman/message/34393121/

To be honest I'm not a big fan of how ModSecurity handles persistent collection data in shared files like this as it often leads to error messages, and an ever increasing file. I think these rules should therefore be turned off by default in OWASP CRS. Especially as they aren't used except if you enable experimental rules. More background on the ModSecurity email list here: http://sourceforge.net/p/mod-security/mailman/message/34393121/

这篇关于如何禁用 ModSecurity:collection_store 写入 DBM 文件的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！