Re: [mod-security-users] SecFilterEngine NOT WORKING

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Hi Sonny,

On 5/22/09, SONNY LASKAR <son...@gm...> wrote:
> Hi,
> Thanks , after modifying the <if module> the mod security logs are
> getting formed.
> But when I use SecFilter it is showing error.
> I used the following line in mod_security.conf
> SecFilterEngine On
>
> After that I issued the following command
> [root@se-dev-web logs]# ../bin/apachectl configtest
> Syntax error on line 10 of /usr/local/apache/conf/mod_security.conf:
> Invalid command 'SecFilterEngine', perhaps misspelled or defined by a
> module not included in the server configuration
My guess is you are using the <IfModule mod_security2> (ModSecurity
2.x) while your mod_security.conf using the mod_security (ModSecurity
1.x) directive.

If you use <IfModule mod_security2>, the command is :

SecRuleEngine On

not SecFilterEngine

BTW, where did you get the mod_security.conf file ?

You can use the mod_security.conf file included with the ModSecurity 2
tarball (http://www.modsecurity.org/download/modsecurity-apache_2.5.9.tar.gz),
the name is modsecurity.conf-minimal. There are also ModSecurity Core
Rule Set included with the tarball, in the rules directory.

-- 
cheers,

tedi
Blog      : http://theriyanto.wordpress.com
Website : http://tedi.heriyanto.net
You Need More Than Awareness : Stay Alert!