[mod-security-users] Upgrade to owasp-coreruleset 4.13.0

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Hello all,

I am running Freebsd 14.2 and  I upgraded my owasp to v4.13.0. However I am
seeing in my http error logs the following

[Sat Apr 05 11:24:27.646852 2025] [security2:error] [pid 96152] [client
23.95.132.51:56151] ModSecurity: Access denied with code 500 (phase 1).
Operator EQ matched 0 at TX. [file
"/usr/local/etc/modsecurity/owasp-modsecurity-crs/rules/REQUEST-901-INITIALIZATION.conf"]
[line "64"] [id "901001"] [msg "CRS is deployed without configuration!
Please copy the crs-setup.conf.example template to crs-setup.conf, and
include the crs-setup.conf file in your webserver configuration before
including the CRS rules. See the INSTALL file in the CRS directory for
detailed instructions"] [severity "CRITICAL"] [ver "OWASP_CRS/4.13.0"] [tag
"OWASP_CRS"]

ls /usr/local/etc/modsecurity/owasp-modsecurity-crs
crs-setup.conf

cat /usr/local/etc/apache24/modules.d/280_mod_security.conf
IncludeOptional
/usr/local/etc/modsecurity/owasp-modsecurity-crs/crs-setup.conf
IncludeOptional
/usr/local/etc/modsecurity/owasp-modsecurity-crs/plugins/*-config.conf
IncludeOptional
/usr/local/etc/modsecurity/owasp-modsecurity-crs/plugins/*-before.conf
Include /usr/local/etc/modsecurity/owasp-modsecurity-crs/rules/*.conf
IncludeOptional
/usr/local/etc/modsecurity/owasp-modsecurity-crs/plugins/*-after.conf

Thanks
Monah