Update for Modsecurity on RHEL/CENTOS 7

[Bruno Mairlot]

Hi,

While implementing my own mlogc equivalent to use on CentOS 7 system, I noticed that the modsecurity unique ID is now 28 characters long instead of 24.

This has two impacts for WAF-FLE :

In page /controller/index.php, at line 88, the regular expression :

if (preg_match('/^\[(\d{1,2})\/(\w{3})\/(\d{4})\:(\d{2}\:\d{2}\:\d{2})\s(\-\-\d{4}|\+\d{4})\]\s([a-zA-Z0-9\-\@]{24})\s([12]?[0-9]{1,2}\.[12]?[0-9]{1,2}\.[12]?[0-9]{1,2}\.[12]?[0-9]{1,2})\s(\d{1,5})\s([12]?[0-9]{1,2}\.[12]?[0-9]{1,2}\.[12]?[0-9]{1,2}\.[12]?[0-9]{1,2})\s(\d{1,5})/i',

Should become :

if (preg_match('/^\[(\d{1,2})\/(\w{3})\/(\d{4})\:(\d{2}\:\d{2}\:\d{2})\s(\-\-\d{4}|\+\d{4})\]\s([a-zA-Z0-9\-\@]{24,28})\s([12]?[0-9]{1,2}\.[12]?[0-9]{1,2}\.[12]?[0-9]{1,2}\.[12]?[0-9]{1,2})\s(\d{1,5})\s([12]?[0-9]{1,2}\.[12]?[0-9]{1,2}\.[12]?[0-9]{1,2}\.[12]?[0-9]{1,2})\s(\d{1,5})/i',

And the file /extra/waffle.mysql,

The line

`a_uniqid` char(24) NOT NULL,

Should become

`a_uniqid` char(28) NOT NULL,

That is all I noticed to make it run with a mod_security as provided in CentOS 7 so far.

Cheers,

Bruno

[Klaubert Herr da Silveira]

Hi Bruno,

thanks for the report, I could confirm this issue the new version of CentOS/RHEL, the made a patch to support IPv6 only hosts... so the unique_id can be 28 bytes as you told.

I'll make this patch included in next release of Waf-Fle.

Best regards,

Klaubert

--
You received this message because you are subscribed to the Google Groups "waf-fle" group.
To unsubscribe from this group and stop receiving emails from it, send an email to waf-fle+u...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.