Could not set variable "USER.user_false_counter" as the collection does not exist in ModSecurity logs Apache (Windows OS)

  apache, mod-security2, windows

We are using apache module for our web server(windows OS). We need to prevent unsuccessful authentication attempt by the user. Hence we thought to use Mod Security module. I uses this standard configuration setting in "modsecurity-minimal.conf" as below
SecStatusEngine On
SecRule IP:bf_block "@eq 1"
"id:’2000004′,phase:4,deny,
logdata:’Access denied [by IP] IP: @%{REMOTE_ADDR}, user: %{USER.name}’
SecRule USER:bf_block "@eq 1"
"id:’2000005′,phase:4,deny,
logdata:’Access denied [by USER] IP: @%{REMOTE_ADDR}, user: %{USER.name}’

SecRule REQUEST_HEADERS:authorization "Basic ([a-zA-Z0-9]+=*)$" "phase:3,nolog,pass,id:2000012,chain,capture"
    SecRule TX:1 "^([-a-zA-Z0-9_]+):" "t:base64Decode,chain,capture"                
    SecAction initcol:USER=%{TX.1},setvar:USER.name=%{TX.1},initcol:IP=%{REMOTE_ADDR}
    
    
SecRule RESPONSE_STATUS "401" 
    "phase:5,pass,id:2000015,chain,logdata:'basic auth de @%{IP}, var: %{IP.begin}, user: %{USER.name}, ufc: %{USER.user_false_counter}, block: %{USER.bf_block}, IPblock: %{IP.bf_block}, ifc: %{IP.ip_false_counter}'"        
    SecAction setvar:USER.user_false_counter=+1,setvar:IP.ip_false_counter=+1,expirevar:USER.user_false_counter=300,expirevar:IP.ip_false_counter=300

# Check for too many failures for a single username, blocking 30 seconds after 3 tries
SecRule USER:user_false_counter "@ge 2" 
            "id:'2000020',phase:3,t:none,pass,
            setvar:USER.bf_block,
            setvar:!USER.user_false_counter,
            expirevar:USER.bf_block=30"

# Check for too many failures from a single IP address. Block for 5 minutes after 10 tries.
    SecRule IP:ip_false_counter "@ge 2" 
            "id:'2000021',phase:3,pass,t:none, 
            setvar:IP.bf_block,
            setvar:!IP.ip_false_counter,
            expirevar:IP.bf_block=300"      

However when I see the modsec_debug.log, I get following error.

Could not set variable "USER.user_false_counter" as the collection does not exist.

Could not set variable "IP.ip_false_counter" as the collection does not exist.

Please help me how to resolve this issue.

Source: Windows Questions

LEAVE A COMMENT