[mod-security-users] Upgrade to owasp-coreruleset 4.13.0
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
[mod-security-users] Upgrade to owasp-coreruleset 4.13.0
|
From: Monah B. <mon...@gm...> - 2025-04-05 20:02:48
|
Hello all, I am running Freebsd 14.2 and I upgraded my owasp to v4.13.0. However I am seeing in my http error logs the following [Sat Apr 05 11:24:27.646852 2025] [security2:error] [pid 96152] [client 23.95.132.51:56151] ModSecurity: Access denied with code 500 (phase 1). Operator EQ matched 0 at TX. [file "/usr/local/etc/modsecurity/owasp-modsecurity-crs/rules/REQUEST-901-INITIALIZATION.conf"] [line "64"] [id "901001"] [msg "CRS is deployed without configuration! Please copy the crs-setup.conf.example template to crs-setup.conf, and include the crs-setup.conf file in your webserver configuration before including the CRS rules. See the INSTALL file in the CRS directory for detailed instructions"] [severity "CRITICAL"] [ver "OWASP_CRS/4.13.0"] [tag "OWASP_CRS"] ls /usr/local/etc/modsecurity/owasp-modsecurity-crs crs-setup.conf cat /usr/local/etc/apache24/modules.d/280_mod_security.conf IncludeOptional /usr/local/etc/modsecurity/owasp-modsecurity-crs/crs-setup.conf IncludeOptional /usr/local/etc/modsecurity/owasp-modsecurity-crs/plugins/*-config.conf IncludeOptional /usr/local/etc/modsecurity/owasp-modsecurity-crs/plugins/*-before.conf Include /usr/local/etc/modsecurity/owasp-modsecurity-crs/rules/*.conf IncludeOptional /usr/local/etc/modsecurity/owasp-modsecurity-crs/plugins/*-after.conf Thanks Monah |
