ModSecurity: Failed to load locate the unicode map file from: unicode.mapping 20127

Describe the bug

v3 of ModSecurity - pulling from master branch.

Running mod security on Nginx inside docker container using ModSecurity nginx connector and getting the following error when the container starts up:

“modsecurity_rules_file” directive Rules error. File: /etc/nginx/modsec/modsecurity.conf. Line: 192. Column: 17. Failed to load locate the unicode map file from: unicode.mapping 20127 Looking at: ‘unicode.mapping 20127’, ‘unicode.mapping 20127’, ‘/etc/nginx/modsec/unicode.mapping 20127’, ‘/etc/nginx/modsec/unicode.mapping 20127’. in /etc/nginx/nginx.conf:17

nginx.conf (/etc/nginx/nginx.conf)

load_module modules/ngx_http_modsecurity_module.so;
error_log /dev/stdout ${LOG_LEVEL};

events {
  worker_connections 1024;
}

http {
    access_log /dev/stdout;
    server_tokens off;
    server {
        listen 443 ssl;
        server_name waf;
        ssl_certificate certs/cert.pem;
        ssl_certificate_key certs/key.pem;
        modsecurity on;
        modsecurity_rules_file /etc/nginx/modsec/main.conf;


        location / {
            proxy_pass https://${LOCATION_ADDRESS};
            modsecurity on;
        }

        error_page 403 404 405 500 501 502 503 504 /error/error.html;

        location ^~ /error/ {
            internal;
            root /usr/share/nginx;
            modsecurity off;
        }

        location = /amihealthy {
            return 200;
        }
    }
}

Dockerfile

FROM nginx:1.15.3-alpine
RUN set -xe && \
    apk --no-cache update && \
        apk add --no-cache --virtual .build-deps \
        gcc \
        libc-dev \
        make \
        openssl-dev \
        pcre-dev \
        zlib-dev \
        linux-headers \
        curl \
        gnupg \
        libxslt-dev \
        gd-dev \
        perl-dev \
        py-pip \
        py-setuptools \
    && apk add --no-cache --virtual .libmodsecurity-deps \
        pcre-dev \
        libxml2-dev \
        automake \
        autoconf \
        g++ \
        flex \
        bison \
        yajl-dev \
    # dependencies that should not be removed
    && apk add --no-cache \
        libtool \
        doxygen \
        geoip \
        geoip-dev \
        yajl \
        libstdc++ \
        git \
        sed \
        python

# install aws cli
RUN set -xe && \
    pip --no-cache-dir install --upgrade pip && \
    pip --no-cache-dir install awscli

# install modsecurity
WORKDIR /opt/ModSecurity
RUN set -xe && \
    git clone -b v3/master --single-branch https://github.com/SpiderLabs/ModSecurity . && \
    git submodule init && \
    git submodule update && \
    ./build.sh && \
    ./configure && make && make install

# install nginx connector
WORKDIR /opt
RUN git clone --depth 1 https://github.com/SpiderLabs/ModSecurity-nginx.git && \
    wget http://nginx.org/download/nginx-$NGINX_VERSION.tar.gz && \
    tar zxvf nginx-$NGINX_VERSION.tar.gz

WORKDIR /opt/nginx-$NGINX_VERSION
RUN set -xe && \
    ./configure --with-compat --add-dynamic-module=../ModSecurity-nginx && \
    make modules && \
    cp objs/ngx_http_modsecurity_module.so /etc/nginx/modules

# install owasp ruleset
WORKDIR /opt
RUN set -xe && \
    git clone -b v3.0/master https://github.com/SpiderLabs/owasp-modsecurity-crs && \
    mv owasp-modsecurity-crs/ /usr/local/

RUN set -xe && \
    mkdir /etc/nginx/modsec && \
    rm -fr /etc/nginx/nginx.conf

COPY conf/nginx/nginx.conf /etc/nginx/nginx.conf.template
COPY conf/modsec/ /etc/nginx/modsec/
COPY conf/owasp/ /usr/local/owasp-modsecurity-crs/
COPY error/ /usr/share/nginx/error/
COPY certs/ /etc/nginx/certs/

# remove unnecessary stuff
RUN set -xe && \
    apk del .build-deps && \
    apk del .libmodsecurity-deps && \
    rm -fr ModSecurity && \
    rm -fr ModSecurity-nginx && \
    rm -fr nginx-$NGINX_VERSION.tar.gz && \
    rm -fr nginx-$NGINX_VERSION && \
    rm -fr /etc/nginx/conf.d

# execute stuff
COPY ./setupEnvAndStart.sh /etc/nginx/
RUN chmod +x /etc/nginx/setupEnvAndStart.sh
CMD ["sh", "-c", ". /etc/nginx/setupEnvAndStart.sh"]

setupEnvAndStart.sh

#! /bin/bash
config=<config>

for i in $(echo $config | sed "s/,/ /g")
do
  export $i
done

envsubst < /etc/nginx/nginx.conf.template > /etc/nginx/nginx.conf
exec nginx -g 'daemon off;'

modsecurity.conf

Used the modsecurity.conf-recommended

Logs and dumps

[emerg] 1#1: “modsecurity_rules_file” directive Rules error. File: /etc/nginx/modsec/modsecurity.conf. Line: 192. Column: 17. Failed to load locate the unicode map file from: unicode.mapping 20127 Looking at: ‘unicode.mapping 20127’, ‘unicode.mapping 20127’, ‘/etc/nginx/modsec/unicode.mapping 20127’, ‘/etc/nginx/modsec/unicode.mapping 20127’. in /etc/nginx/nginx.conf:17

nginx: [emerg] “modsecurity_rules_file” directive Rules error. File: /etc/nginx/modsec/modsecurity.conf. Line: 192. Column: 17. Failed to load locate the unicode map file from: unicode.mapping 20127 Looking at: ‘unicode.mapping 20127’, ‘unicode.mapping 20127’, ‘/etc/nginx/modsec/unicode.mapping 20127’, ‘/etc/nginx/modsec/unicode.mapping 20127’. in /etc/nginx/nginx.conf:17

To Reproduce

Steps to reproduce the behavior:

  1. docker build on the Dockerfile.
  2. Add config values in setupEnvAndStart.sh for variables listed in the nginx.conf above.
  3. docker run on resulting image (exposing port 443).

Expected behavior

Nginx should start up without errors; instead it errors as above.

Server (please complete the following information):

  • ModSecurity version (and connector): ModSecurity v3.0.2 (but pulled from v3/master at build time) with nginx-connector v1.0.0
  • WebServer: nginx-1.15.3
  • OS (and distro): RHEL 7.5

Rule Set (please complete the following information):

v3.0/master https://github.com/SpiderLabs/owasp-modsecurity-crs

Additional context

This has previously worked - on 23/10/18 this was built with image size of 451.11 MB…today’s (25/10/18) build is 462.04 MB - no additional config was included from our end.

About this issue

  • State: closed
  • Created 6 years ago
  • Comments: 36 (8 by maintainers)

Most upvoted comments

@victorhora

First this Error

nginx: [emerg] “modsecurity_rules_file” directive Rules error. File: /etc/nginx/modsec/modsecurity.conf. Line: 234. Column: 17. Failed to load locate the unicode map file from: unicode.mapping 20127 Looking at: ‘unicode.mapping 20127’, ‘unicode.mapping 20127’, ‘/etc/nginx/modsec/unicode.mapping 20127’, ‘/etc/nginx/modsec/unicode.mapping 20127’. in /etc/nginx/nginx.conf:28
nginx: configuration file /etc/nginx/nginx.conf test failed

Then

$ sudo cp ~/ModSecurity/unicode.mapping /etc/nginx/modsec/

$ sudo nginx -t
Segmentation fault

$ systemctl status nginx.service
● nginx.service - nginx - high performance web server
   Loaded: loaded (/etc/systemd/system/nginx.service; enabled; vendor preset: enabled)
   Active: failed (Result: core-dump) since Mon 2018-10-29 06:13:10 UTC; 7s ago

Commenting out #SecUnicodeMapFile unicode.mapping 20127

Makes Everything Normal.

ls /etc/nginx/conf.d/modsecurity.conf /etc/nginx/conf.d/unicode.mapping

/etc/nginx/conf.d/modsecurity.conf /etc/nginx/conf.d/unicode.mapping

This works (I mean having modsecurity.conf and unicode.mapping in the same folder).

Started this using this URL, nginx 1.16.1 using ppa:nginx/stable

Encountered same problem, just did cp /opt/ModSecurity/unicode.mapping /etc/nginx/modsec/ and everything worked. Just need to document this now, it seems!

It appears that e3b9f7c broke libmodsecurity compilation for me. Output from make:

libtool: compile:  g++ -DHAVE_CONFIG_H -I. -std=c++11 -I.. -g -I../others -fPIC -O3 -I../headers -DWITH_GEOIP -I/usr/include -DWITH_YAJL -DPCRE_HAVE_JIT -I/usr/include/libxml2 -DWITH_LIBXML2 -g -O2 -MT libmodsecurity_la-rules_properties.lo -MD -MP -MF .deps/libmodsecurity_la-rules_properties.Tpo -c rules_properties.cc  -fPIC -DPIC -o .libs/libmodsecurity_la-rules_properties.o
rules_properties.cc: In static member function 'static void modsecurity::ConfigUnicodeMap::loadConfig(std::string, double, modsecurity::RulesProperties*, std::string*)':
rules_properties.cc:50:48: error: no match for 'operator[]' (operand types are 'std::shared_ptr<int []>' and 'int')
     driver->m_unicodeMapTable.m_unicodeMapTable[0x3002] = 0x2e;
                                                ^
rules_properties.cc:52:48: error: no match for 'operator[]' (operand types are 'std::shared_ptr<int []>' and 'int')
     driver->m_unicodeMapTable.m_unicodeMapTable[0xff61] = 0x2e;
                                                ^
rules_properties.cc:54:48: error: no match for 'operator[]' (operand types are 'std::shared_ptr<int []>' and 'int')
     driver->m_unicodeMapTable.m_unicodeMapTable[0xff0e] = 0x2e;
                                                ^
rules_properties.cc:56:48: error: no match for 'operator[]' (operand types are 'std::shared_ptr<int []>' and 'int')
     driver->m_unicodeMapTable.m_unicodeMapTable[0x002e] = 0x2e;
                                                ^
rules_properties.cc:109:64: error: no match for 'operator[]' (operand types are 'std::shared_ptr<int []>' and 'int')
                     driver->m_unicodeMapTable.m_unicodeMapTable[code] = Map;
                                                                ^
In file included from /usr/include/c++/4.8.5/bits/shared_ptr.h:52:0,
                 from /usr/include/c++/4.8.5/memory:82,
                 from ../headers/modsecurity/modsecurity.h:80,
                 from ../headers/modsecurity/rules_properties.h:32,
                 from rules_properties.cc:16:
/usr/include/c++/4.8.5/bits/shared_ptr_base.h: In instantiation of 'std::__shared_ptr<_Tp, _Lp>::__shared_ptr(std::unique_ptr<_Up, _Ep>&&) [with _Tp1 = int []; _Del = std::default_delete<int []>; _Tp = int []; __gnu_cxx::_Lock_policy _Lp = (__gnu_cxx::_Lock_policy)2u]':
/usr/include/c++/4.8.5/bits/shared_ptr_base.h:876:4:   required from 'std::__shared_ptr<_Tp, _Lp>& std::__shared_ptr<_Tp, _Lp>::operator=(std::unique_ptr<_Up, _Ep>&&) [with _Tp1 = int []; _Del = std::default_delete<int []>; _Tp = int []; __gnu_cxx::_Lock_policy _Lp = (__gnu_cxx::_Lock_policy)2u]'
/usr/include/c++/4.8.5/bits/shared_ptr.h:307:4:   required from 'std::shared_ptr<_Tp>& std::shared_ptr<_Tp>::operator=(std::unique_ptr<_Up, _Ep>&&) [with _Tp1 = int []; _Del = std::default_delete<int []>; _Tp = int []]'
rules_properties.cc:44:49:   required from here
/usr/include/c++/4.8.5/bits/shared_ptr_base.h:819:35: error: cannot convert 'std::unique_ptr<int []>::pointer {aka int*}' to 'int (*)[]' in initialization
  : _M_ptr(__r.get()), _M_refcount()
                                   ^

FWIW I’m on Amazon Linux and can still build on 84ece3e

Fixed at: 18cdffdbca75e6b9f790f6df2807a32cd805c0a0

If it’s worth anything. I fixed the problem by copying the unicode.mapping file to the nginx modsec folder.

sudo cp path/to/cloned/modsec/repo/unicode.mapping /etc/nginx/modsec/unicode.mapping

I had an issue after updating nginx

Nov 21 23:22:49 vpbx.voipcom.gr nginx[19879]: nginx: [emerg] “modsecurity_rules_file” directive Rules error. File: /etc/nginx/modsec/modsecurity.conf. Line: 236. Column: 17. Failed to open the unicode map file from
Nov 21 23:22:49 vpbx.voipcom.gr systemd[1]: nginx.service: control process exited, code=exited status=1
Nov 21 23:22:49 vpbx.voipcom.gr systemd[1]: Failed to start nginx - high performance web server.

I copied unicode.mapping into the same folder as modsecurity.conf and I changed the line SecUnicodeMapFile unicode.mapping 20127 to ==>> SecUnicodeMapFile ./unicode.mapping 20127

nginx started

I hope this helps someone

System: Debian 8

Thanks a lot to Developers/Maintainers @zimmerle @victorhora, SecUnicodeMapFile unicode.mapping file is no longer creating errors, at least in my setup

Ubuntu cosmic minimal Nginx 1.15.5 Modsec v3/master

kudos

1 - Put the unicode.mapping as part of v3/master

Added as of https://github.com/SpiderLabs/ModSecurity/commit/662fe63a47d012b89175ea7da5be1a8f7e76014c.

The error message “Failed to load locate the unicode map file” should go away as long as the file is in the same directory as the configuration file. Alternatively, the user can also change / disable the functionality in the modsecurity.conf-recommended.

2 - Fix SecUnicodeMapFile to better understand the map code (last parameter).

3 - Create a test case for this thing.

Working on it 😃
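
A preflight check for the condition described above, as an added example that is not part of the original thread or the ModSecurity project: it reads the active SecUnicodeMapFile directives from a configuration file and verifies that each map file is readable. The function name check_unicode_map is hypothetical, and the check assumes a relative path is resolved against the directory of the configuration file, as the maintainer states; unquoted paths without spaces are assumed.

```shell
#!/bin/sh
# Added example (not from the issue thread or the ModSecurity project).
# Assumption: a relative SecUnicodeMapFile path is looked up in the directory
# of the configuration file that contains the directive.

# check_unicode_map CONF
# Returns 0 when every active SecUnicodeMapFile in CONF names a readable file,
# 1 when a map file is missing or the directive has no path,
# 2 when CONF itself cannot be read.
check_unicode_map() {
    conf=$1
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    conf_dir=$(cd "$(dirname "$conf")" && pwd) || return 2
    rc=0
    # Only uncommented directives reach the loop. The here-document keeps the
    # loop in the current shell, so rc is still set after it ends.
    while read -r directive path _codepage; do
        [ -n "$directive" ] || continue
        # Drop optional surrounding double quotes.
        path=${path#\"}; path=${path%\"}
        if [ -z "$path" ]; then
            echo "SecUnicodeMapFile without a path in $conf" >&2
            rc=1
            continue
        fi
        case $path in
            /*) resolved=$path ;;
            *)  resolved=$conf_dir/$path ;;
        esac
        if [ ! -r "$resolved" ]; then
            echo "missing unicode map: $resolved (from $conf)" >&2
            rc=1
        fi
    done <<EOF
$(grep -E '^[[:space:]]*SecUnicodeMapFile[[:space:]]' "$conf")
EOF
    return "$rc"
}

# Typical use in a container start script, before "exec nginx":
#   check_unicode_map /etc/nginx/modsec/modsecurity.conf || exit 1
```

Running it as the last step of the image build makes a missing unicode.mapping fail the build instead of the container start.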

I had an issue after updating nginx

Nov 21 23:22:49 vpbx.voipcom.gr nginx[19879]: nginx: [emerg] “modsecurity_rules_file” directive Rules error. File: /etc/nginx/modsec/modsecurity.conf. Line: 236. Column: 17. Failed to open the unicode map file from
Nov 21 23:22:49 vpbx.voipcom.gr systemd[1]: nginx.service: control process exited, code=exited status=1
Nov 21 23:22:49 vpbx.voipcom.gr systemd[1]: Failed to start nginx - high performance web server.

I copied unicode.mapping into the same folder as modsecurity.conf and I changed the line SecUnicodeMapFile unicode.mapping 20127 to ==>> SecUnicodeMapFile ./unicode.mapping 20127

nginx started

I hope this helps someone

System: Debian 8

This solved my problem. Thanks

Hey, any news on this issue? How can I solve it? @zimmerle @victorhora

See above what shubham-panwar said

@HankQuiter I don’t know much about your system,

but if you use $ git clone --recursive -b v3/master https://github.com/SpiderLabs/ModSecurity

there is a unicode.mapping file inside the ModSecurity folder, which you can copy to the configuration folder.

Same issue, and even if the unicode.mapping file is placed inside the configuration folder, Nginx still can’t be started.

Nginx does detect the file unicode.mapping, but can’t make use of it.