Re: [mod-security-users] Upgrade to owasp-coreruleset 4.13.0
From: Monah B. <mon...@gm...> - 2025-04-06 01:32:11
Of course
SecAction \
"id:900990,\
phase:1,\
pass,\
t:none,\
nolog,\
tag:'OWASP_CRS',\
ver:'OWASP_CRS/4.13.0',\
setvar:tx.crs_setup_version=4130"
Thanks
On Sat, Apr 5, 2025 at 7:19 PM Christian Folini <chr...@ne...> wrote:
> Hey Monah,
>
> This is very strange. Filename, location and permissions look ok.
>
> Can you show us rule 900990 from crs-setup.conf, where tx.crs_setup_version
> is being set?
>
> Best,
>
> Christian
> On Sat, Apr 05, 2025 at 04:39:30PM -0400, Monah Baki wrote:
> > Hi Christian,
> >
> > ls -la /usr/local/etc/modsecurity/owasp-modsecurity-crs/crs-setup.conf
> > -rw-r--r-- 1 mbaki mbaki 35639 Mar 31 11:18 /usr/local/etc/modsecurity/owasp-modsecurity-crs/crs-setup.conf
> >
> >
> > Also
> >
> > mbaki@waf:~ $ ls -la /usr/local/etc/modsecurity/owasp-modsecurity-crs/
> > total 320
> > drwxr-xr-x 9 mbaki mbaki 1024 Apr 5 10:47 .
> > drwxr-xr-x 4 root wheel 512 Apr 5 10:57 ..
> > -rw-r--r-- 1 mbaki mbaki 518 Mar 31 11:18 .editorconfig
> > drwxr-xr-x 5 mbaki mbaki 512 Mar 31 11:18 .github
> > -rw-r--r-- 1 mbaki mbaki 661 Mar 31 11:18 .gitignore
> > -rw-r--r-- 1 mbaki mbaki 0 Mar 31 11:18 .gitmodules
> > -rw-r--r-- 1 mbaki mbaki 315 Mar 31 11:18 .linelint.yml
> > -rw-r--r-- 1 mbaki mbaki 432 Mar 31 11:18 .pre-commit-config.yaml
> > -rw-r--r-- 1 mbaki mbaki 751 Mar 31 11:18 .yamllint.yml
> > -rw-r--r-- 1 mbaki mbaki 144155 Mar 31 11:18 CHANGES.md
> > -rw-r--r-- 1 mbaki mbaki 28523 Mar 31 11:18 CONTRIBUTING.md
> > -rw-r--r-- 1 mbaki mbaki 6564 Mar 31 11:18 CONTRIBUTORS.md
> > -rw-r--r-- 1 mbaki mbaki 11489 Mar 31 11:18 INSTALL.md
> > -rw-r--r-- 1 mbaki mbaki 2783 Mar 31 11:18 KNOWN_BUGS.md
> > -rw-r--r-- 1 mbaki mbaki 11347 Mar 31 11:18 LICENSE
> > -rw-r--r-- 1 mbaki mbaki 2871 Mar 31 11:18 README.md
> > -rw-r--r-- 1 mbaki mbaki 4543 Mar 31 11:18 SECURITY.md
> > -rw-r--r-- 1 mbaki mbaki 89 Mar 31 11:18 SPONSORS.md
> > -rw-r--r-- 1 mbaki mbaki 35639 Mar 31 11:18 crs-setup.conf
> > drwxr-xr-x 2 mbaki mbaki 512 Mar 31 11:18 docs
> > drwxr-xr-x 2 mbaki mbaki 512 Mar 31 11:18 plugins
> > drwxr-xr-x 4 mbaki mbaki 2560 Mar 31 11:18 regex-assembly
> > -rw-r--r-- 1 mbaki mbaki 222 Mar 31 11:18 renovate.json
> > drwxr-xr-x 2 mbaki mbaki 2048 Apr 5 09:55 rules
> > drwxr-xr-x 5 mbaki mbaki 512 Mar 31 11:18 tests
> > drwxr-xr-x 5 mbaki mbaki 512 Mar 31 11:18 util
> >
> >
> > Thanks
> > Monah
> >
> > On Sat, Apr 5, 2025 at 4:26 PM Christian Folini <chr...@ne...> wrote:
> >
> > > Hey Monah,
> > >
> > > Are you sure the file
> > >
> > > /usr/local/etc/modsecurity/owasp-modsecurity-crs/crs-setup.conf
> > >
> > > exists?
> > >
> > > The error message clearly says it can't be read:
> > >
> > > CRS is deployed without configuration!
> > > Please copy the crs-setup.conf.example template to crs-setup.conf, and
> > > include the crs-setup.conf file in your webserver configuration before
> > > including the CRS rules. See the INSTALL file in the CRS directory for
> > > detailed instructions
> > >
> > > Best,
> > >
> > > Christian
> > >
> > > On Sat, Apr 05, 2025 at 04:02:09PM -0400, Monah Baki wrote:
> > > > Hello all,
> > > >
> > > > I am running FreeBSD 14.2 and I upgraded my owasp to v4.13.0. However I am
> > > > seeing in my http error logs the following
> > > >
> > > > [Sat Apr 05 11:24:27.646852 2025] [security2:error] [pid 96152] [client 23.95.132.51:56151] ModSecurity: Access denied with code 500 (phase 1). Operator EQ matched 0 at TX. [file "/usr/local/etc/modsecurity/owasp-modsecurity-crs/rules/REQUEST-901-INITIALIZATION.conf"] [line "64"] [id "901001"] [msg "CRS is deployed without configuration! Please copy the crs-setup.conf.example template to crs-setup.conf, and include the crs-setup.conf file in your webserver configuration before including the CRS rules. See the INSTALL file in the CRS directory for detailed instructions"] [severity "CRITICAL"] [ver "OWASP_CRS/4.13.0"] [tag "OWASP_CRS"]
> > > >
> > > >
> > > > ls /usr/local/etc/modsecurity/owasp-modsecurity-crs
> > > > crs-setup.conf
> > > >
> > > > cat /usr/local/etc/apache24/modules.d/280_mod_security.conf
> > > > IncludeOptional /usr/local/etc/modsecurity/owasp-modsecurity-crs/crs-setup.conf
> > > > IncludeOptional /usr/local/etc/modsecurity/owasp-modsecurity-crs/plugins/*-config.conf
> > > > IncludeOptional /usr/local/etc/modsecurity/owasp-modsecurity-crs/plugins/*-before.conf
> > > > Include /usr/local/etc/modsecurity/owasp-modsecurity-crs/rules/*.conf
> > > > IncludeOptional /usr/local/etc/modsecurity/owasp-modsecurity-crs/plugins/*-after.conf
> > > >
> > > >
> > > > Thanks
> > > > Monah
> > >
> > >
> > > > _______________________________________________
> > > > mod-security-users mailing list
> > > > mod...@li...
> > > > https://lists.sourceforge.net/lists/listinfo/mod-security-users
> > > > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs:
> > > > http://www.modsecurity.org/projects/commercial/rules/
> > > > http://www.modsecurity.org/projects/commercial/support/
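Added example, not part of the original thread and not CRS project code: a small sh check for the two conditions the 901001 message names, that crs-setup.conf is included before rules/*.conf and that it actively sets tx.crs_setup_version. The function names and the sample files are made up for illustration; point the two check functions at the real 280_mod_security.conf and crs-setup.conf.

```shell
#!/bin/sh
# Added diagnostic sketch. File names and sample contents below are constructed.

# Line number of the first Include/IncludeOptional in Apache config $1
# whose path contains the string $2 (comment lines are skipped).
include_line() {
    awk -v pat="$2" '
        $1 ~ /^#/ { next }
        tolower($1) ~ /^include(optional)?$/ && index($2, pat) { print NR; exit }
    ' "$1"
}

# Succeeds only if crs-setup.conf is included before rules/*.conf.
check_include_order() {
    setup=$(include_line "$1" "crs-setup.conf")
    rules=$(include_line "$1" "/rules/")
    [ -n "$setup" ] || { echo "crs-setup.conf is never included"; return 1; }
    [ -n "$rules" ] || { echo "rules/*.conf is never included"; return 1; }
    [ "$setup" -lt "$rules" ] || { echo "crs-setup.conf comes after the rules"; return 1; }
    echo "include order ok"
}

# Succeeds only if $1 is readable and has an uncommented
# setvar:tx.crs_setup_version=<number> (the value rule 901001 tests against 0).
check_setup_version() {
    [ -r "$1" ] || { echo "cannot read $1"; return 1; }
    grep -v '^[[:space:]]*#' "$1" \
        | grep -Eqi "setvar:'?tx\.crs_setup_version=[0-9]" \
        || { echo "no active setvar:tx.crs_setup_version in $1"; return 1; }
    echo "tx.crs_setup_version is set"
}

# Write a constructed pair of files into directory $1 for a dry run.
make_sample() {
    cat > "$1/crs-setup.conf" <<'EOF'
SecAction \
    "id:900990,phase:1,pass,t:none,nolog,\
    setvar:tx.crs_setup_version=4130"
EOF
    cat > "$1/280_mod_security.conf" <<EOF
IncludeOptional $1/crs-setup.conf
Include $1/rules/*.conf
EOF
}

d=$(mktemp -d) && make_sample "$d"
check_include_order "$d/280_mod_security.conf"
check_setup_version "$d/crs-setup.conf"
rm -rf "$d"
```

Both checks only inspect a single file each; they do not follow nested includes, so a second place that loads the rules earlier would need its own run.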