Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Error: Could not set variable "ip.brute_force_counter" and Could not set variable "ip.xmlrpc_counter" as the collection does not exist. #3115

Open
ic32k opened this issue Mar 28, 2024 · 6 comments
Open

Error: Could not set variable "ip.brute_force_counter" and Could not set variable "ip.xmlrpc_counter" as the collection does not exist. #3115

ic32k opened this issue Mar 28, 2024 · 6 comments
Labels
2.x Related to ModSecurity version 2.x

Comments

@ic32k
Copy link

ic32k commented Mar 28, 2024
edited by airween

Hello,

I'm having issue with Modsecurity 2.9 (it is installed into a plesk server latest version with latest updates)

On every single visit I got a register with that 2 errors:

Message: Could not set variable "ip.xmlrpc_counter" as the collection does not exist.
Message: Could not set variable "ip.brute_force_counter" as the collection does not exist.
Apache-Error: [file "apache2_util.c"] [line 277] [level 3] [client 47.128.63.199] ModSecurity: Could not set variable "ip.xmlrpc_counter" as the collection does not exist. [hostname "c*******.com"] [uri "/img/logo-1660745973.jpg"] [unique_id "ZgVgQVdtYdAwqReLwcyDAwAAABc"]
Apache-Error: [file "apache2_util.c"] [line 277] [level 3] [client 47.128.63.199] ModSecurity: Could not set variable "ip.brute_force_counter" as the collection does not exist. [hostname "c*********.com"] [uri "/img/logo-1660745973.jpg"] [unique_id "ZgVgQVdtYdAwqReLwcyDAwAAABc"]
Stopwatch: 1711628353557358 808 (- - -)
Stopwatch2: 1711628353557358 808; combined=108, p1=50, p2=42, p3=0, p4=0, p5=16, sr=0, sw=0, l=0, gc=0
Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/); CWAF_Apache.
Server: Apache
Engine-Mode: "DETECTION_ONLY"

Tried to find info about, but can't find one single result from google nor bing, can please someone helpme to solve this?
@ic32k ic32k added the 2.x Related to ModSecurity version 2.x label Mar 28, 2024
@airween
Copy link
Member

airween commented Mar 28, 2024

Hi @ic32k,

thanks for reporting.

What rule set you use? Are you sure the rule set initialized the ip collection before wants to use that?

See initcol action in the reference. Also please take a look to the Persistent storage section.

@ic32k
Copy link
Author

ic32k commented Mar 28, 2024
edited

IDK the default ruleset from Comodo, but disabled CWAF, so IDK why it shows at if it was the rule responsible for the log...
imagen

As said is a plesk install, so I have no access to the configuration files, etc, only to select the options they let me play with

@airween
Copy link
Member

airween commented Mar 28, 2024

Then in that case, you should report this issue at your provider.

@ic32k
Copy link
Author

ic32k commented Mar 28, 2024

OK, I will report also to them, anyways thank you for your help! if they say the problem is modsec I will come here again ;) )

@airween
Copy link
Member

airween commented May 16, 2024

@ic32k - have you got any help from your provider?

Could we close this issue?

@ic32k
Copy link
Author

ic32k commented May 17, 2024 via email

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
2.x Related to ModSecurity version 2.x
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@airween @ic32k