API tools faq
paste
Advertisement
riki137

ModSecurity debug log

riki137
May 3rd, 2019
161
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Apache Log 15.39 KB | None | 0 0
raw download clone embed print report
  1. [03/May/2019:20:17:45 +0200] [localhost/sid#7ff29da5a948][rid#7ff2a0e610a0][/][4] Initialising transaction (txid XMyFyWdPpz9cuNemUHJz2QAAAAA).
  2. [03/May/2019:20:17:45 +0200] [localhost/sid#7ff29da5a948][rid#7ff2a0e610a0][/][4] Transaction context created (dcfg 7ff29ebd1f10).
  3. [03/May/2019:20:17:45 +0200] [localhost/sid#7ff29da5a948][rid#7ff2a0e610a0][/][4] Starting phase REQUEST_HEADERS.
  4. [03/May/2019:20:17:45 +0200] [localhost/sid#7ff29da5a948][rid#7ff2a0e610a0][/][9] This phase consists of 2 rule(s).
  5. [03/May/2019:20:17:45 +0200] [localhost/sid#7ff29da5a948][rid#7ff2a0e610a0][/][4] Recipe: Invoking rule 7ff29da74c20; [file "/etc/modsecurity/modsecurity.conf"] [line "23"] [id "200000"].
  6. [03/May/2019:20:17:45 +0200] [localhost/sid#7ff29da5a948][rid#7ff2a0e610a0][/][5] Rule 7ff29da74c20: SecRule "REQUEST_HEADERS:Content-Type" "@rx (?:application(?:/soap\\+|/)|text/)xml" "phase:1,auditlog,id:200000,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=XML"
  7. [03/May/2019:20:17:45 +0200] [localhost/sid#7ff29da5a948][rid#7ff2a0e610a0][/][4] Rule returned 0.
  8. [03/May/2019:20:17:45 +0200] [localhost/sid#7ff29da5a948][rid#7ff2a0e610a0][/][9] No match, not chained -> mode NEXT_RULE.
  9. [03/May/2019:20:17:45 +0200] [localhost/sid#7ff29da5a948][rid#7ff2a0e610a0][/][4] Recipe: Invoking rule 7ff29da729e0; [file "/etc/modsecurity/modsecurity.conf"] [line "30"] [id "200001"].
  10. [03/May/2019:20:17:45 +0200] [localhost/sid#7ff29da5a948][rid#7ff2a0e610a0][/][5] Rule 7ff29da729e0: SecRule "REQUEST_HEADERS:Content-Type" "@rx application/json" "phase:1,auditlog,id:200001,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=JSON"
  11. [03/May/2019:20:17:45 +0200] [localhost/sid#7ff29da5a948][rid#7ff2a0e610a0][/][4] Rule returned 0.
  12. [03/May/2019:20:17:45 +0200] [localhost/sid#7ff29da5a948][rid#7ff2a0e610a0][/][9] No match, not chained -> mode NEXT_RULE.
  13. [03/May/2019:20:17:45 +0200] [localhost/sid#7ff29da5a948][rid#7ff2a0e610a0][/][4] Second phase starting (dcfg 7ff29ebd1f10).
  14. [03/May/2019:20:17:45 +0200] [localhost/sid#7ff29da5a948][rid#7ff2a0e610a0][/][4] Input filter: This request does not have a body.
  15. [03/May/2019:20:17:45 +0200] [localhost/sid#7ff29da5a948][rid#7ff2a0e610a0][/][4] Starting phase REQUEST_BODY.
  16. [03/May/2019:20:17:45 +0200] [localhost/sid#7ff29da5a948][rid#7ff2a0e610a0][/][9] This phase consists of 4 rule(s).
  17. [03/May/2019:20:17:45 +0200] [localhost/sid#7ff29da5a948][rid#7ff2a0e610a0][/][4] Recipe: Invoking rule 7ff29da70180; [file "/etc/modsecurity/modsecurity.conf"] [line "60"] [id "200002"].
  18. [03/May/2019:20:17:45 +0200] [localhost/sid#7ff29da5a948][rid#7ff2a0e610a0][/][5] Rule 7ff29da70180: SecRule "REQBODY_ERROR" "!@eq 0" "phase:2,auditlog,id:200002,t:none,log,deny,status:400,msg:'Failed to parse request body.',logdata:%{reqbody_error_msg},severity:2"
  19. [03/May/2019:20:17:45 +0200] [localhost/sid#7ff29da5a948][rid#7ff2a0e610a0][/][4] Transformation completed in 1 usec.
  20. [03/May/2019:20:17:45 +0200] [localhost/sid#7ff29da5a948][rid#7ff2a0e610a0][/][4] Executing operator "!eq" with param "0" against REQBODY_ERROR.
  21. [03/May/2019:20:17:45 +0200] [localhost/sid#7ff29da5a948][rid#7ff2a0e610a0][/][9] Target value: "0"
  22. [03/May/2019:20:17:45 +0200] [localhost/sid#7ff29da5a948][rid#7ff2a0e610a0][/][4] Operator completed in 7 usec.
  23. [03/May/2019:20:17:45 +0200] [localhost/sid#7ff29da5a948][rid#7ff2a0e610a0][/][4] Rule returned 0.
  24. [03/May/2019:20:17:45 +0200] [localhost/sid#7ff29da5a948][rid#7ff2a0e610a0][/][9] No match, not chained -> mode NEXT_RULE.
  25. [03/May/2019:20:17:45 +0200] [localhost/sid#7ff29da5a948][rid#7ff2a0e610a0][/][4] Recipe: Invoking rule 7ff29da71df8; [file "/etc/modsecurity/modsecurity.conf"] [line "81"] [id "200003"].
  26. [03/May/2019:20:17:45 +0200] [localhost/sid#7ff29da5a948][rid#7ff2a0e610a0][/][5] Rule 7ff29da71df8: SecRule "MULTIPART_STRICT_ERROR" "!@eq 0" "phase:2,auditlog,id:200003,t:none,log,deny,status:400,msg:'Multipart request body failed strict validation: PE %{REQBODY_PROCESSOR_ERROR}, BQ %{MULTIPART_BOUNDARY_QUOTED}, BW %{MULTIPART_BOUNDARY_WHITESPACE}, DB %{MULTIPART_DATA_BEFORE}, DA %{MULTIPART_DATA_AFTER}, HF %{MULTIPART_HEADER_FOLDING}, LF %{MULTIPART_LF_LINE}, SM %{MULTIPART_MISSING_SEMICOLON}, IQ %{MULTIPART_INVALID_QUOTING}, IP %{MULTIPART_INVALID_PART}, IH %{MULTIPART_INVALID_HEADER_FOLDING}, FL %{MULTIPART_FILE_LIMIT_EXCEEDED}'"
  27. [03/May/2019:20:17:45 +0200] [localhost/sid#7ff29da5a948][rid#7ff2a0e610a0][/][4] Transformation completed in 1 usec.
  28. [03/May/2019:20:17:45 +0200] [localhost/sid#7ff29da5a948][rid#7ff2a0e610a0][/][4] Executing operator "!eq" with param "0" against MULTIPART_STRICT_ERROR.
  29. [03/May/2019:20:17:45 +0200] [localhost/sid#7ff29da5a948][rid#7ff2a0e610a0][/][9] Target value: "0"
  30. [03/May/2019:20:17:45 +0200] [localhost/sid#7ff29da5a948][rid#7ff2a0e610a0][/][4] Operator completed in 1 usec.
  31. [03/May/2019:20:17:45 +0200] [localhost/sid#7ff29da5a948][rid#7ff2a0e610a0][/][4] Rule returned 0.
  32. [03/May/2019:20:17:45 +0200] [localhost/sid#7ff29da5a948][rid#7ff2a0e610a0][/][9] No match, not chained -> mode NEXT_RULE.
  33. [03/May/2019:20:17:45 +0200] [localhost/sid#7ff29da5a948][rid#7ff2a0e610a0][/][4] Recipe: Invoking rule 7ff29da6ad18; [file "/etc/modsecurity/modsecurity.conf"] [line "86"] [id "200004"].
  34. [03/May/2019:20:17:45 +0200] [localhost/sid#7ff29da5a948][rid#7ff2a0e610a0][/][5] Rule 7ff29da6ad18: SecRule "MULTIPART_UNMATCHED_BOUNDARY" "!@eq 0" "phase:2,auditlog,id:200004,t:none,log,deny,msg:'Multipart parser detected a possible unmatched boundary.'"
  35. [03/May/2019:20:17:45 +0200] [localhost/sid#7ff29da5a948][rid#7ff2a0e610a0][/][4] Transformation completed in 0 usec.
  36. [03/May/2019:20:17:45 +0200] [localhost/sid#7ff29da5a948][rid#7ff2a0e610a0][/][4] Executing operator "!eq" with param "0" against MULTIPART_UNMATCHED_BOUNDARY.
  37. [03/May/2019:20:17:45 +0200] [localhost/sid#7ff29da5a948][rid#7ff2a0e610a0][/][9] Target value: "0"
  38. [03/May/2019:20:17:45 +0200] [localhost/sid#7ff29da5a948][rid#7ff2a0e610a0][/][4] Operator completed in 4 usec.
  39. [03/May/2019:20:17:45 +0200] [localhost/sid#7ff29da5a948][rid#7ff2a0e610a0][/][4] Rule returned 0.
  40. [03/May/2019:20:17:45 +0200] [localhost/sid#7ff29da5a948][rid#7ff2a0e610a0][/][9] No match, not chained -> mode NEXT_RULE.
  41. [03/May/2019:20:17:45 +0200] [localhost/sid#7ff29da5a948][rid#7ff2a0e610a0][/][4] Recipe: Invoking rule 7ff29da66728; [file "/etc/modsecurity/modsecurity.conf"] [line "100"] [id "200005"].
  42. [03/May/2019:20:17:45 +0200] [localhost/sid#7ff29da5a948][rid#7ff2a0e610a0][/][5] Rule 7ff29da66728: SecRule "TX:/^MSC_/" "!@streq 0" "phase:2,log,auditlog,id:200005,t:none,deny,msg:'ModSecurity internal error flagged: %{MATCHED_VAR_NAME}'"
  43. [03/May/2019:20:17:45 +0200] [localhost/sid#7ff29da5a948][rid#7ff2a0e610a0][/][4] Rule returned 0.
  44. [03/May/2019:20:17:45 +0200] [localhost/sid#7ff29da5a948][rid#7ff2a0e610a0][/][9] No match, not chained -> mode NEXT_RULE.
  45. [03/May/2019:20:17:45 +0200] [localhost/sid#7ff29da5a948][rid#7ff2a0e610a0][/][4] Hook insert_filter: Adding output filter (r 7ff2a0e610a0).
  46. [03/May/2019:20:17:45 +0200] [localhost/sid#7ff29da5a948][rid#7ff2a0e610a0][/][4] Initialising logging.
  47. [03/May/2019:20:17:45 +0200] [localhost/sid#7ff29da5a948][rid#7ff29ec76a20][/index.php][4] Starting phase LOGGING.
  48. [03/May/2019:20:17:45 +0200] [localhost/sid#7ff29da5a948][rid#7ff29ec76a20][/index.php][9] This phase consists of 0 rule(s).
  49. [03/May/2019:20:17:45 +0200] [localhost/sid#7ff29da5a948][rid#7ff29ec76a20][/index.php][4] Recording persistent data took 0 microseconds.
  50. [03/May/2019:20:17:45 +0200] [localhost/sid#7ff29da5a948][rid#7ff29ec76a20][/index.php][4] Audit log: Logging this transaction.
  51. [03/May/2019:20:17:45 +0200] [localhost/sid#7ff29da5a948][rid#7ff29ec760a0][/_wdt/1fa1d6][4] Initialising transaction (txid XMyFyWdPpz9cuNemUHJz2gAAAAA).
  52. [03/May/2019:20:17:45 +0200] [localhost/sid#7ff29da5a948][rid#7ff29ec760a0][/_wdt/1fa1d6][4] Transaction context created (dcfg 7ff29ebd1f10).
  53. [03/May/2019:20:17:45 +0200] [localhost/sid#7ff29da5a948][rid#7ff29ec760a0][/_wdt/1fa1d6][4] Starting phase REQUEST_HEADERS.
  54. [03/May/2019:20:17:45 +0200] [localhost/sid#7ff29da5a948][rid#7ff29ec760a0][/_wdt/1fa1d6][9] This phase consists of 2 rule(s).
  55. [03/May/2019:20:17:45 +0200] [localhost/sid#7ff29da5a948][rid#7ff29ec760a0][/_wdt/1fa1d6][4] Recipe: Invoking rule 7ff29da74c20; [file "/etc/modsecurity/modsecurity.conf"] [line "23"] [id "200000"].
  56. [03/May/2019:20:17:45 +0200] [localhost/sid#7ff29da5a948][rid#7ff29ec760a0][/_wdt/1fa1d6][5] Rule 7ff29da74c20: SecRule "REQUEST_HEADERS:Content-Type" "@rx (?:application(?:/soap\\+|/)|text/)xml" "phase:1,auditlog,id:200000,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=XML"
  57. [03/May/2019:20:17:45 +0200] [localhost/sid#7ff29da5a948][rid#7ff29ec760a0][/_wdt/1fa1d6][4] Rule returned 0.
  58. [03/May/2019:20:17:45 +0200] [localhost/sid#7ff29da5a948][rid#7ff29ec760a0][/_wdt/1fa1d6][9] No match, not chained -> mode NEXT_RULE.
  59. [03/May/2019:20:17:45 +0200] [localhost/sid#7ff29da5a948][rid#7ff29ec760a0][/_wdt/1fa1d6][4] Recipe: Invoking rule 7ff29da729e0; [file "/etc/modsecurity/modsecurity.conf"] [line "30"] [id "200001"].
  60. [03/May/2019:20:17:45 +0200] [localhost/sid#7ff29da5a948][rid#7ff29ec760a0][/_wdt/1fa1d6][5] Rule 7ff29da729e0: SecRule "REQUEST_HEADERS:Content-Type" "@rx application/json" "phase:1,auditlog,id:200001,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=JSON"
  61. [03/May/2019:20:17:45 +0200] [localhost/sid#7ff29da5a948][rid#7ff29ec760a0][/_wdt/1fa1d6][4] Rule returned 0.
  62. [03/May/2019:20:17:45 +0200] [localhost/sid#7ff29da5a948][rid#7ff29ec760a0][/_wdt/1fa1d6][9] No match, not chained -> mode NEXT_RULE.
  63. [03/May/2019:20:17:45 +0200] [localhost/sid#7ff29da5a948][rid#7ff29ec760a0][/_wdt/1fa1d6][4] Second phase starting (dcfg 7ff29ebd1f10).
  64. [03/May/2019:20:17:45 +0200] [localhost/sid#7ff29da5a948][rid#7ff29ec760a0][/_wdt/1fa1d6][4] Input filter: This request does not have a body.
  65. [03/May/2019:20:17:45 +0200] [localhost/sid#7ff29da5a948][rid#7ff29ec760a0][/_wdt/1fa1d6][4] Starting phase REQUEST_BODY.
  66. [03/May/2019:20:17:45 +0200] [localhost/sid#7ff29da5a948][rid#7ff29ec760a0][/_wdt/1fa1d6][9] This phase consists of 4 rule(s).
  67. [03/May/2019:20:17:45 +0200] [localhost/sid#7ff29da5a948][rid#7ff29ec760a0][/_wdt/1fa1d6][4] Recipe: Invoking rule 7ff29da70180; [file "/etc/modsecurity/modsecurity.conf"] [line "60"] [id "200002"].
  68. [03/May/2019:20:17:45 +0200] [localhost/sid#7ff29da5a948][rid#7ff29ec760a0][/_wdt/1fa1d6][5] Rule 7ff29da70180: SecRule "REQBODY_ERROR" "!@eq 0" "phase:2,auditlog,id:200002,t:none,log,deny,status:400,msg:'Failed to parse request body.',logdata:%{reqbody_error_msg},severity:2"
  69. [03/May/2019:20:17:45 +0200] [localhost/sid#7ff29da5a948][rid#7ff29ec760a0][/_wdt/1fa1d6][4] Transformation completed in 1 usec.
  70. [03/May/2019:20:17:45 +0200] [localhost/sid#7ff29da5a948][rid#7ff29ec760a0][/_wdt/1fa1d6][4] Executing operator "!eq" with param "0" against REQBODY_ERROR.
  71. [03/May/2019:20:17:45 +0200] [localhost/sid#7ff29da5a948][rid#7ff29ec760a0][/_wdt/1fa1d6][9] Target value: "0"
  72. [03/May/2019:20:17:45 +0200] [localhost/sid#7ff29da5a948][rid#7ff29ec760a0][/_wdt/1fa1d6][4] Operator completed in 1 usec.
  73. [03/May/2019:20:17:45 +0200] [localhost/sid#7ff29da5a948][rid#7ff29ec760a0][/_wdt/1fa1d6][4] Rule returned 0.
  74. [03/May/2019:20:17:45 +0200] [localhost/sid#7ff29da5a948][rid#7ff29ec760a0][/_wdt/1fa1d6][9] No match, not chained -> mode NEXT_RULE.
  75. [03/May/2019:20:17:45 +0200] [localhost/sid#7ff29da5a948][rid#7ff29ec760a0][/_wdt/1fa1d6][4] Recipe: Invoking rule 7ff29da71df8; [file "/etc/modsecurity/modsecurity.conf"] [line "81"] [id "200003"].
  76. [03/May/2019:20:17:45 +0200] [localhost/sid#7ff29da5a948][rid#7ff29ec760a0][/_wdt/1fa1d6][5] Rule 7ff29da71df8: SecRule "MULTIPART_STRICT_ERROR" "!@eq 0" "phase:2,auditlog,id:200003,t:none,log,deny,status:400,msg:'Multipart request body failed strict validation: PE %{REQBODY_PROCESSOR_ERROR}, BQ %{MULTIPART_BOUNDARY_QUOTED}, BW %{MULTIPART_BOUNDARY_WHITESPACE}, DB %{MULTIPART_DATA_BEFORE}, DA %{MULTIPART_DATA_AFTER}, HF %{MULTIPART_HEADER_FOLDING}, LF %{MULTIPART_LF_LINE}, SM %{MULTIPART_MISSING_SEMICOLON}, IQ %{MULTIPART_INVALID_QUOTING}, IP %{MULTIPART_INVALID_PART}, IH %{MULTIPART_INVALID_HEADER_FOLDING}, FL %{MULTIPART_FILE_LIMIT_EXCEEDED}'"
  77. [03/May/2019:20:17:45 +0200] [localhost/sid#7ff29da5a948][rid#7ff29ec760a0][/_wdt/1fa1d6][4] Transformation completed in 0 usec.
  78. [03/May/2019:20:17:45 +0200] [localhost/sid#7ff29da5a948][rid#7ff29ec760a0][/_wdt/1fa1d6][4] Executing operator "!eq" with param "0" against MULTIPART_STRICT_ERROR.
  79. [03/May/2019:20:17:45 +0200] [localhost/sid#7ff29da5a948][rid#7ff29ec760a0][/_wdt/1fa1d6][9] Target value: "0"
  80. [03/May/2019:20:17:45 +0200] [localhost/sid#7ff29da5a948][rid#7ff29ec760a0][/_wdt/1fa1d6][4] Operator completed in 0 usec.
  81. [03/May/2019:20:17:45 +0200] [localhost/sid#7ff29da5a948][rid#7ff29ec760a0][/_wdt/1fa1d6][4] Rule returned 0.
  82. [03/May/2019:20:17:45 +0200] [localhost/sid#7ff29da5a948][rid#7ff29ec760a0][/_wdt/1fa1d6][9] No match, not chained -> mode NEXT_RULE.
  83. [03/May/2019:20:17:45 +0200] [localhost/sid#7ff29da5a948][rid#7ff29ec760a0][/_wdt/1fa1d6][4] Recipe: Invoking rule 7ff29da6ad18; [file "/etc/modsecurity/modsecurity.conf"] [line "86"] [id "200004"].
  84. [03/May/2019:20:17:45 +0200] [localhost/sid#7ff29da5a948][rid#7ff29ec760a0][/_wdt/1fa1d6][5] Rule 7ff29da6ad18: SecRule "MULTIPART_UNMATCHED_BOUNDARY" "!@eq 0" "phase:2,auditlog,id:200004,t:none,log,deny,msg:'Multipart parser detected a possible unmatched boundary.'"
  85. [03/May/2019:20:17:45 +0200] [localhost/sid#7ff29da5a948][rid#7ff29ec760a0][/_wdt/1fa1d6][4] Transformation completed in 0 usec.
  86. [03/May/2019:20:17:45 +0200] [localhost/sid#7ff29da5a948][rid#7ff29ec760a0][/_wdt/1fa1d6][4] Executing operator "!eq" with param "0" against MULTIPART_UNMATCHED_BOUNDARY.
  87. [03/May/2019:20:17:45 +0200] [localhost/sid#7ff29da5a948][rid#7ff29ec760a0][/_wdt/1fa1d6][9] Target value: "0"
  88. [03/May/2019:20:17:45 +0200] [localhost/sid#7ff29da5a948][rid#7ff29ec760a0][/_wdt/1fa1d6][4] Operator completed in 0 usec.
  89. [03/May/2019:20:17:45 +0200] [localhost/sid#7ff29da5a948][rid#7ff29ec760a0][/_wdt/1fa1d6][4] Rule returned 0.
  90. [03/May/2019:20:17:45 +0200] [localhost/sid#7ff29da5a948][rid#7ff29ec760a0][/_wdt/1fa1d6][9] No match, not chained -> mode NEXT_RULE.
  91. [03/May/2019:20:17:45 +0200] [localhost/sid#7ff29da5a948][rid#7ff29ec760a0][/_wdt/1fa1d6][4] Recipe: Invoking rule 7ff29da66728; [file "/etc/modsecurity/modsecurity.conf"] [line "100"] [id "200005"].
  92. [03/May/2019:20:17:45 +0200] [localhost/sid#7ff29da5a948][rid#7ff29ec760a0][/_wdt/1fa1d6][5] Rule 7ff29da66728: SecRule "TX:/^MSC_/" "!@streq 0" "phase:2,log,auditlog,id:200005,t:none,deny,msg:'ModSecurity internal error flagged: %{MATCHED_VAR_NAME}'"
  93. [03/May/2019:20:17:45 +0200] [localhost/sid#7ff29da5a948][rid#7ff29ec760a0][/_wdt/1fa1d6][4] Rule returned 0.
  94. [03/May/2019:20:17:45 +0200] [localhost/sid#7ff29da5a948][rid#7ff29ec760a0][/_wdt/1fa1d6][9] No match, not chained -> mode NEXT_RULE.
  95. [03/May/2019:20:17:45 +0200] [localhost/sid#7ff29da5a948][rid#7ff29ec760a0][/_wdt/1fa1d6][4] Hook insert_filter: Adding output filter (r 7ff29ec760a0).
  96. [03/May/2019:20:17:45 +0200] [localhost/sid#7ff29da5a948][rid#7ff29ec760a0][/_wdt/1fa1d6][4] Initialising logging.
  97. [03/May/2019:20:17:45 +0200] [localhost/sid#7ff29da5a948][rid#7ff2a0e61c80][/index.php][4] Starting phase LOGGING.
  98. [03/May/2019:20:17:45 +0200] [localhost/sid#7ff29da5a948][rid#7ff2a0e61c80][/index.php][9] This phase consists of 0 rule(s).
  99. [03/May/2019:20:17:45 +0200] [localhost/sid#7ff29da5a948][rid#7ff2a0e61c80][/index.php][4] Recording persistent data took 0 microseconds.
  100. [03/May/2019:20:17:45 +0200] [localhost/sid#7ff29da5a948][rid#7ff2a0e61c80][/index.php][4] Audit log: Logging this transaction.
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!