问题
Receiving this ModSecurity error:
ModSecurity: collection_store: Failed to write to DBM file
"/tmp/default_SESSION": Invalid argument
There is not a Rule ID associated with this error. I know I can disable by rule id usingSecRuleRemoveById xxxxxx
How can I disable writing to DBM file and/or locating the rules that are specifically causing this error?
回答1:
Collections are initialised by rules 900020 and 900021 in the OWASP CRS in the modsecurity_crs_10_setup.conf file. They are primarily used for the experimental DoS and Brute Force rules so if you are not using these collections then you can disable those rules.
However not sure that the OWASP Rules use a default_SESSION collection so have a look through all your rules for any initcol commands in case some other rules are using collections.
To be honest I'm not a big fan of how ModSecurity handles persistent collection data in shared files like this as it often leads to error messages, and an ever increasing file. I think these rules should therefore be turned off by default in OWASP CRS. Especially as they aren't used except if you enable experimental rules. More background on the ModSecurity email list here: http://sourceforge.net/p/mod-security/mailman/message/34393121/
来源:https://stackoverflow.com/questions/32744536/how-to-disable-modsecurity-collection-store-write-to-dbm-file