Re: [mod-security-users] Upgrade to owasp-coreruleset 4.13.0
From: Christian F. <chr...@ne...> - 2025-04-05 20:23:36
Hey Monah,

Are you sure the file /usr/local/etc/modsecurity/owasp-modsecurity-crs/crs-setup.conf exists?

The error message clearly says it can't be read:

CRS is deployed without configuration! Please copy the crs-setup.conf.example template to crs-setup.conf, and include the crs-setup.conf file in your webserver configuration before including the CRS rules. See the INSTALL file in the CRS directory for detailed instructions

Best,
Christian

On Sat, Apr 05, 2025 at 04:02:09PM -0400, Monah Baki wrote:
> Hello all,
>
> I am running FreeBSD 14.2 and I upgraded my owasp to v4.13.0. However I am
> seeing in my http error logs the following
>
> [Sat Apr 05 11:24:27.646852 2025] [security2:error] [pid 96152] [client
> 23.95.132.51:56151] ModSecurity: Access denied with code 500 (phase 1).
> Operator EQ matched 0 at TX. [file
> "/usr/local/etc/modsecurity/owasp-modsecurity-crs/rules/REQUEST-901-INITIALIZATION.conf"]
> [line "64"] [id "901001"] [msg "CRS is deployed without configuration!
> Please copy the crs-setup.conf.example template to crs-setup.conf, and
> include the crs-setup.conf file in your webserver configuration before
> including the CRS rules. See the INSTALL file in the CRS directory for
> detailed instructions"] [severity "CRITICAL"] [ver "OWASP_CRS/4.13.0"] [tag
> "OWASP_CRS"]
>
>
> ls /usr/local/etc/modsecurity/owasp-modsecurity-crs
> crs-setup.conf
>
> cat /usr/local/etc/apache24/modules.d/280_mod_security.conf
> IncludeOptional /usr/local/etc/modsecurity/owasp-modsecurity-crs/crs-setup.conf
> IncludeOptional /usr/local/etc/modsecurity/owasp-modsecurity-crs/plugins/*-config.conf
> IncludeOptional /usr/local/etc/modsecurity/owasp-modsecurity-crs/plugins/*-before.conf
> Include /usr/local/etc/modsecurity/owasp-modsecurity-crs/rules/*.conf
> IncludeOptional /usr/local/etc/modsecurity/owasp-modsecurity-crs/plugins/*-after.conf
>
>
> Thanks
> Monah
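Added example, not part of the original messages: a shell check for the conditions behind rule 901001 in this thread. It verifies that the crs-setup.conf path given to IncludeOptional exists and is readable, and that the file contains an uncommented setvar for tx.crs_setup_version, the variable rule 901001 tests and which SecAction 900990 in the stock crs-setup.conf.example sets. The function name check_crs_setup and its return codes are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes the stock CRS layout, where
# crs-setup.conf sets tx.crs_setup_version in an uncommented SecAction.
#
# check_crs_setup FILE
#   0 = file is readable and sets tx.crs_setup_version
#   1 = file does not exist (IncludeOptional skips a missing path silently,
#       so Apache starts without any error and rule 901001 then fires)
#   2 = file exists but is not readable by the user running this check
#   3 = file is readable but never sets tx.crs_setup_version
check_crs_setup() {
    f=$1
    if [ ! -e "$f" ]; then
        echo "MISSING: $f"
        return 1
    fi
    if [ ! -r "$f" ]; then
        echo "UNREADABLE: $f"
        ls -l "$f"
        return 2
    fi
    # Drop comment lines first: a commented-out SecAction 900990 looks
    # present to a plain grep but leaves the variable unset at runtime.
    if grep -v '^[[:space:]]*#' "$f" |
        grep -Eq "setvar:'?tx\.crs_setup_version="; then
        echo "OK: $f sets tx.crs_setup_version"
        return 0
    fi
    echo "NO VERSION MARKER: $f has no active setvar:tx.crs_setup_version"
    return 3
}

# Check the path from the thread unless another file is given as $1.
check_crs_setup "${1:-/usr/local/etc/modsecurity/owasp-modsecurity-crs/crs-setup.conf}" || :
```

A result of 3 usually means the file was not created from the crs-setup.conf.example template shipped with the installed CRS release, or that the final SecAction in it was commented out.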