Hi,
I'm dealing with a legacy website with invalid JSON.
There are POST requests containing this kind of data:
{search: "foobar", page: 1}
This is obviously lacking " around the keys. We will patch it, but it will take some time.
The modsecaudit logs don't give any rule ID to disable...
The Request headers have "Content-Type: application/json; charset=UTF-8"
--83daf342-H--
Message: JSON parsing error: lexical error: invalid char in json text.
Apache-Error: [file "apache2_util.c"] [line 275] [level 3] [client X.X.X.X] ModSecurity: JSON parsing error: lexical error: invalid char in json text.\n [hostname "www.fqdn.test"] [uri "/search/Index.aspx/search"] [unique_id "ajT__UZhrXC6xoyQldZw1AAAAB0"]
Apache-Handler: proxy-server
Stopwatch: 1781858301769951 51119 (- - -)
Stopwatch2: 1781858301769951 51119; combined=2380, p1=514, p2=1662, p3=41, p4=76, p5=87, sr=95, sw=0, l=0, gc=0
Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/); OWASP_CRS/3.3.5.
Server: Apache/2.4.58 (Ubuntu)
Engine-Mode: "DETECTION_ONLY"
I will have to turn the engine ON soon...
I can turn "SecRequestBodyAccess Off" in the , but it is a little too much, as I may want to inspect the RequestBody of a malicious Request.
Using "SecRuleRemoveById 200001 200002" does nothing.
What is the best workaround?
Versions:
Apache 2.4.58
Ubuntu 24.04
ModSecurity: 2.9.7
OWASP CRS 3.3.5
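
Added example, not part of the original post: a Python script that reads the H section of serial-format audit entries like the one above and counts, per URI, the JSON parser errors that carry no rule id, which shows which endpoints an exception would need to cover. The sample log is constructed from the lines in the post plus one invented entry, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample: the first H section reuses lines from the post,
# the second entry (id 999999, /other) is invented for contrast.
SAMPLE_AUDIT_LOG = r'''
--83daf342-A--
[constructed entry] X.X.X.X
--83daf342-H--
Message: JSON parsing error: lexical error: invalid char in json text.
Apache-Error: [file "apache2_util.c"] [line 275] [level 3] [client X.X.X.X] ModSecurity: JSON parsing error: lexical error: invalid char in json text.\n [hostname "www.fqdn.test"] [uri "/search/Index.aspx/search"] [unique_id "ajT__UZhrXC6xoyQldZw1AAAAB0"]
Engine-Mode: "DETECTION_ONLY"
--83daf342-Z--
--0a1b2c3d-A--
[constructed entry] X.X.X.X
--0a1b2c3d-H--
Message: Warning. Constructed rule match. [id "999999"] [uri "/other"]
--0a1b2c3d-Z--
'''

# Section boundary of the serial audit log format: --<8 hex chars>-<letter>--
BOUNDARY = re.compile(r'^--([0-9a-fA-F]{8})-([A-Z])--$', re.M)

def h_sections(text):
    """Yield (entry_id, body) for every H (audit trailer) section."""
    marks = list(BOUNDARY.finditer(text))
    for cur, nxt in zip(marks, marks[1:] + [None]):
        if cur.group(2) == 'H':
            end = nxt.start() if nxt else len(text)
            yield cur.group(1), text[cur.end():end]

def json_errors_without_rule_id(text):
    """Count JSON body-parser errors per URI that have no [id "..."] tag."""
    hits = Counter()
    for _entry, body in h_sections(text):
        for line in body.splitlines():
            if 'JSON parsing error' in line and '[id "' not in line:
                m = re.search(r'\[uri "([^"]*)"\]', line)
                if m:  # only the Apache-Error line carries the URI
                    hits[m.group(1)] += 1
    return hits

if __name__ == "__main__":
    for uri, count in json_errors_without_rule_id(SAMPLE_AUDIT_LOG).items():
        print(f"{count:5d}  {uri}")
```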