Known ModSecurity Translation Limitations

Robert edited this page Mar 14, 2017 · 18 revisions

This page documents known limitations with the included ModSecurity rule translation tooling.

Configuration Directives

Most ModSecurity configuration directives are not compatible, as they are designed to configure ModSecurity behavior. The only applicable configuration directives available for translation at this time are:

  • SecRule
  • SecAction
  • SecMarker

SecDefaultAction is also parsed, but is currently ignored by the translation tooling.

Variables

The following variables are not supported by translation at this time:

  • AUTH_TYPE
  • DURATION
  • ENV
  • FULL_REQUEST
  • FULL_REQUEST_LENGTH
  • FILES_TMPNAMES
  • GEO
  • HIGHEST_SEVERITY
  • INBOUND_DATA_ERROR
  • MODSEC_BUILD
  • MULTIPART_CRLF_LF_LINES
  • MULTIPART_FILENAME
  • MULTIPART_NAME
  • MULTIPART_STRICT_ERROR
  • MULTIPART_UNMATCHED_BOUNDARY
  • OUTBOUND_DATA_ERROR
  • PATH_INFO
  • PERF_COMBINED
  • PERF_GC
  • PERF_LOGGING
  • PERF_PHASE1
  • PERF_PHASE2
  • PERF_PHASE3
  • PERF_PHASE4
  • PERF_PHASE5
  • PERF_RULES
  • PERF_SREAD
  • PERF_SWRITE
  • REMOTE_PORT
  • REMOTE_USER
  • REQBODY_ERROR
  • REQBODY_ERROR_MSG
  • REQBODY_PROCESSOR
  • REQUEST_BODY_LENGTH
  • SCRIPT_BASENAME
  • SCRIPT_FILENAME
  • SCRIPT_GID
  • SCRIPT_GROUPNAME
  • SCRIPT_MODE
  • SCRIPT_UID
  • SCRIPT_USERNAME
  • SDBM_DELETE_ERROR
  • SERVER_ADDR
  • SERVER_PORT
  • SESSION
  • SESSIONID
  • STREAM_INPUT_BODY
  • STREAM_OUTPUT_BODY
  • UNIQUE_ID
  • URLENCODED_ERROR
  • USERID
  • USERAGENT_IP
  • WEBAPPID
  • WEBSERVER_ERROR_LOG
  • XML

Transformation Functions

The following transforms are not supported by translation at this time. Note that an unsupported transformation will not prevent the rule from being translated; however, the translated rule may behave unexpectedly, depending on which transformation is missing:

  • escapeSeqDecode
  • parityEven7bit
  • parityOdd7bit
  • parityZero7bit
  • urlEncode
  • utf8toUnicode

Actions

The following actions are not supported by translation at this time. Note that an unsupported action will not prevent the rule from being translated; however, the translated rule may behave unexpectedly, depending on which action is missing:

  • append
  • ctl (some options)
  • deprecatevar
  • exec
  • multiMatch
  • prepend
  • proxy
  • redirect
  • sanitiseArg
  • sanitiseMatched
  • sanitiseMatchedBytes
  • sanitiseRequestHeader
  • sanitiseResponseHeader
  • setuid
  • setrsc
  • setsid
  • setenv
  • xmlns

Operators

The following operators are not supported by translation at this time:

  • fuzzyHash
  • geoLookup
  • gsbLookup
  • inspectFile
  • rsub
  • validateByteRange
  • validateDTD
  • validateHash
  • validateSchema
  • validateUrlEncoding
  • validateUtf8Encoding
  • verifyCC
  • verifyCPF
  • verifySSN
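
A pre-translation check for the transformation, action and operator lists above, as an added example that is not part of the translation tooling this page documents: it scans ModSecurity rule text and reports, per rule id, every name from those lists that a rule uses, so rules that would translate with a missing piece can be reviewed first. The `audit` function, its simplified parsing (one directive per logical line, actions in the last quoted argument) and the sample rules are assumptions made for the example; `ctl` is always flagged because the page does not say which options are unsupported.

```python
import re
import shlex

# Names copied from this page's lists, lower-cased; variables are left out for brevity.
TRANSFORMS = set("escapeSeqDecode parityEven7bit parityOdd7bit parityZero7bit "
                 "urlEncode utf8toUnicode".lower().split())
ACTIONS = set("append ctl deprecatevar exec multiMatch prepend proxy redirect setuid "
              "sanitiseArg sanitiseMatched sanitiseMatchedBytes sanitiseRequestHeader "
              "sanitiseResponseHeader setrsc setsid setenv xmlns".lower().split())
OPERATORS = set("fuzzyHash geoLookup gsbLookup inspectFile rsub validateByteRange "
                "validateDTD validateHash validateSchema validateUrlEncoding "
                "validateUtf8Encoding verifyCC verifyCPF verifySSN".lower().split())
# An action name, then an optional value that may be single-quoted with commas.
ACTION_RE = re.compile(r"(?:^|,)\s*(\w+)(?::('(?:[^'\\]|\\.)*'|[^,]*))?")

def audit(conf_text):
    """Return (rule_id, kind, name) for each unsupported feature a rule uses."""
    text = re.sub(r"\\\r?\n", " ", conf_text)  # join backslash-continued lines
    findings, chain_id = [], None
    for line in text.splitlines():
        if not re.match(r"\s*(SecRule|SecAction)\s", line, re.I):
            continue  # comments and other directives, e.g. SecRuleEngine
        tok = shlex.split(line)
        is_rule = tok[0].lower() == "secrule"
        act_str = (tok[3:4] if is_rule else tok[1:2]) or [""]
        acts = [(n, v.strip("'")) for n, v in ACTION_RE.findall(act_str[0])]
        low = {n.lower(): v for n, v in acts}
        # A chained rule has no id of its own: report it under the chain starter's.
        rule_id = low.get("id") or chain_id or "?"
        chain_id = rule_id if "chain" in low else None
        op = re.match(r"!?@(\w+)", tok[2]) if is_rule and len(tok) > 2 else None
        if op and op.group(1).lower() in OPERATORS:
            findings.append((rule_id, "operator", op.group(1)))
        for name, value in acts:
            if name.lower() == "t" and value.lower() in TRANSFORMS:
                findings.append((rule_id, "transform", value))
            elif name.lower() in ACTIONS:
                findings.append((rule_id, "action", name))
    return findings

SAMPLE = r'''# constructed sample rules, don't treat them as a real rule set
SecRule ARGS "@rx \x3cscript" \
    "id:1001,phase:2,t:none,t:escapeSeqDecode,deny,msg:'xss, exec is text here'"
SecRule ARGS:card "@rx ^\d+$" "id:1002,phase:2,t:none,chain,sanitiseArg:card"
SecRule ARGS:card "@verifyCC \d{13,16}" "t:none,multiMatch"
'''

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```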