VCC-compiler: Syntax error for breach #9

Open
DaiYamatta opened this issue Oct 13, 2011 · 4 comments

@DaiYamatta

Enable include "/etc/varnish/security/breach.vcl";

This code gives a syntax error.

varnishd -d -f default.vcl
Message from VCC-compiler:
Syntax error at
('/etc/varnish/security/breach/40_generic_attacks.vcl' Line 5 Pos 78)
if(req.http.Cookie ~ "(?:(?:[;|]\W*?\bcc|\b(wget|curl))\b|\/cc(?:[\'\"|\;-\s]|$))"){
-----------------------------------------------------------------------------#-----------------

Running VCC-compiler failed, exit 1

VCL compilation failed

varnishd -d -f /etc/varnish/default.vcl
Message from VCC-compiler:
Expected ')' got 'validateUtf8Encoding'
(program line 73), at
('/etc/varnish/security/breach/20_protocol_violations.vcl' Line 256 Pos 15)
if(req.url validateUtf8Encoding ""){
--------------####################-----

Running VCC-compiler failed, exit 1

VCL compilation failed

varnishd -d -f /etc/varnish/default.vcl
Message from VCC-compiler:
Unknown token '%' when looking for BOOL

('/etc/varnish/security/breach/30_http_policy.vcl' Line 5 Pos 8)
if((%{tx.allowed_methods}) ~ "req.request"){
-------#---------------------------------------

Running VCC-compiler failed, exit 1

VCL compilation failed

With this code commented out, it runs!!

@comotion
Owner

Hey Dai,
thanks for the notice.
Yeah, the breach module is not precisely tip top since the port to V3.0 and the introduction of some new mod_security features. I will hack on it some when I get a chance; till then I recommend you use the standard VCL modules shipped with security.vcl.

@comotion
Owner

wait, did you say these are the only three errors and if you comment them out it works?

@DaiYamatta
Author

Dear comotion,

> wait, did you say these are the only three errors and if you comment them out it works?

Yes!! Running.

Test environment is Scientific Linux 6.1 x86_64. Need more information?

comotion added a commit that referenced this issue Oct 14, 2011
@comotion
Owner

Good to hear! 5a33710 pushes a fix that skips emitting rules for validateUtf8Encoding, since we have to implement that in the upcoming sec.vcl VMOD.
%{tx.allowed_methods} is going to be trickier since I'll have to put something badass together in Perl to resolve variables,
while the regex
"(?:(?:[;|]\W*?\bcc|\b(wget|curl))\b|\/cc(?:[\'\"|\;-\s]|$))"
I dunno what's wrong here... the regex is straight from the breach ruleset and it seems to complain about a valid regex.
