You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by Yogesh Patel <yo...@highq.com> on 2015/11/23 10:52:39 UTC

Modsecurity - REQBODY ERROR

In modsecurity we have a rule below:

"SecRule REQBODY_ERROR "!@eq 0" \
"id:'200001', phase:2,t:none,log,deny,status:400,msg:'Failed to parse
request body.',logdata:'%{reqbody_error_msg}',severity:2"


in mod security log following error message is detected:

"Message: Access denied with code 400 (phase 2). Match of "eq 0"
against "REQBODY_ERROR" required. [file
"D:/tools/Apache2.4.x/conf/extra/highq/modsec/modsecurity.conf"] [line
"132"] [id "200001"] [msg "Failed to parse request body."] [data
"Error reading request body: Client went away."] [severity "CRITICAL"]
Action: Intercepted (phase 2)"


What could be the possible reason for this error?

-- 
*Thanks & Regards,*

* Yogesh Patel*

Re: Modsecurity - REQBODY ERROR

Posted by "André Warnier (tomcat)" <aw...@ice-sa.com>.

On 23.11.2015 10:52, Yogesh Patel wrote:
> In modsecurity we have a rule below:
>
> "SecRule REQBODY_ERROR "!@eq 0" \
> "id:'200001', phase:2,t:none,log,deny,status:400,msg:'Failed to parse
> request body.',logdata:'%{reqbody_error_msg}',severity:2"
>
>
> in mod security log following error message is detected:
>
> "Message: Access denied with code 400 (phase 2). Match of "eq 0"
> against "REQBODY_ERROR" required. [file
> "D:/tools/Apache2.4.x/conf/extra/highq/modsec/modsecurity.conf"] [line
> "132"] [id "200001"] [msg "Failed to parse request body."] [data
> "Error reading request body: Client went away."] [severity "CRITICAL"]
> Action: Intercepted (phase 2)"
>
>
> What could be the possible reason for this error?
>

I don't know, but I believe that you may have posted this to the wrong list.
Should you not be sending this to the *Apache httpd* user list, instead of the *Apache 
Tomcat* user list ?
See : http://httpd.apache.org/ versus http://tomcat.apache.org
(They both belong to the Apache organisation, but they are different software products)
And modsecurity is yet another separate thing, at http://www.modsecurity.org, but it seems 
more related to Apache httpd than to Tomcat.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org