Rules syntax errors: cwaf_05.conf

After being unable to run the installation script because it required cPanel, I simply added all rules into the mod_sec configuration:

Include conf/mod_security_rules/rules_comodo/*.conf

Restarting httpd generated two errors:

  1. Syntax error on line 67 of /etc/httpd/conf/mod_security_rules/rules_comodo/cwaf_05.conf:
    Error creating rule: Error compiling pattern (offset 0): regular expression too large

  2. Syntax error on line 475 of /etc/httpd/conf/mod_security_rules/rules_comodo/cwaf_05.conf:
    Error creating rule: Unknown variable: MULTIPART_FILENAME

After commenting the above rules in cwaf_05.conf, everything is fine. Comodo rules run in parallel with one of the latest atomic free rule sets.

I still wanted to use the rules on lines 67 and 475… How can I get it fixed?

Thanks

First off all check in your mod_security.conf:

SecPcreMatchLimit 250000
SecPcreMatchLimitRecursion 250000

Error creating rule: Unknown variable: MULTIPART_FILENAME is discussed here:
https://forums.comodo.com/free-modsecurity-rules-comodo-web-application-firewall-b223.0/-t102728.0.html
I think you should update mod_security.