Re: [mod-security-users] Upgrade to owasp-coreruleset 4.13.0
From: Monah B. <mon...@gm...> - 2025-04-06 01:32:11
Of course

SecAction \
    "id:900990,\
    phase:1,\
    pass,\
    t:none,\
    nolog,\
    tag:'OWASP_CRS',\
    ver:'OWASP_CRS/4.13.0',\
    setvar:tx.crs_setup_version=4130"

Thanks

On Sat, Apr 5, 2025 at 7:19 PM Christian Folini <chr...@ne...> wrote:

> Hey Monah,
>
> This is very strange. Filename, location and permissions look ok.
>
> Can you show us rule 900990 from crs-setup.conf, where tx.crs_setup_version
> is being set?
>
> Best,
>
> Christian
>
> On Sat, Apr 05, 2025 at 04:39:30PM -0400, Monah Baki wrote:
> > Hi Christian,
> >
> > ls -la /usr/local/etc/modsecurity/owasp-modsecurity-crs/crs-setup.conf
> > -rw-r--r-- 1 mbaki mbaki 35639 Mar 31 11:18 /usr/local/etc/modsecurity/owasp-modsecurity-crs/crs-setup.conf
> >
> >
> > Also
> >
> > mbaki@waf:~ $ ls -la /usr/local/etc/modsecurity/owasp-modsecurity-crs/
> > total 320
> > drwxr-xr-x 9 mbaki mbaki 1024 Apr 5 10:47 .
> > drwxr-xr-x 4 root wheel 512 Apr 5 10:57 ..
> > -rw-r--r-- 1 mbaki mbaki 518 Mar 31 11:18 .editorconfig
> > drwxr-xr-x 5 mbaki mbaki 512 Mar 31 11:18 .github
> > -rw-r--r-- 1 mbaki mbaki 661 Mar 31 11:18 .gitignore
> > -rw-r--r-- 1 mbaki mbaki 0 Mar 31 11:18 .gitmodules
> > -rw-r--r-- 1 mbaki mbaki 315 Mar 31 11:18 .linelint.yml
> > -rw-r--r-- 1 mbaki mbaki 432 Mar 31 11:18 .pre-commit-config.yaml
> > -rw-r--r-- 1 mbaki mbaki 751 Mar 31 11:18 .yamllint.yml
> > -rw-r--r-- 1 mbaki mbaki 144155 Mar 31 11:18 CHANGES.md
> > -rw-r--r-- 1 mbaki mbaki 28523 Mar 31 11:18 CONTRIBUTING.md
> > -rw-r--r-- 1 mbaki mbaki 6564 Mar 31 11:18 CONTRIBUTORS.md
> > -rw-r--r-- 1 mbaki mbaki 11489 Mar 31 11:18 INSTALL.md
> > -rw-r--r-- 1 mbaki mbaki 2783 Mar 31 11:18 KNOWN_BUGS.md
> > -rw-r--r-- 1 mbaki mbaki 11347 Mar 31 11:18 LICENSE
> > -rw-r--r-- 1 mbaki mbaki 2871 Mar 31 11:18 README.md
> > -rw-r--r-- 1 mbaki mbaki 4543 Mar 31 11:18 SECURITY.md
> > -rw-r--r-- 1 mbaki mbaki 89 Mar 31 11:18 SPONSORS.md
> > -rw-r--r-- 1 mbaki mbaki 35639 Mar 31 11:18 crs-setup.conf
> > drwxr-xr-x 2 mbaki mbaki 512 Mar 31 11:18 docs
> > drwxr-xr-x 2 mbaki mbaki 512 Mar 31 11:18 plugins
> > drwxr-xr-x 4 mbaki mbaki 2560 Mar 31 11:18 regex-assembly
> > -rw-r--r-- 1 mbaki mbaki 222 Mar 31 11:18 renovate.json
> > drwxr-xr-x 2 mbaki mbaki 2048 Apr 5 09:55 rules
> > drwxr-xr-x 5 mbaki mbaki 512 Mar 31 11:18 tests
> > drwxr-xr-x 5 mbaki mbaki 512 Mar 31 11:18 util
> >
> >
> > Thanks
> > Monah
> >
> > On Sat, Apr 5, 2025 at 4:26 PM Christian Folini <chr...@ne...> wrote:
> >
> > > Hey Monah,
> > >
> > > Are you sure the file
> > >
> > > /usr/local/etc/modsecurity/owasp-modsecurity-crs/crs-setup.conf
> > >
> > > exists?
> > >
> > > The error message clearly says it can't be read:
> > >
> > > CRS is deployed without configuration!
> > > Please copy the crs-setup.conf.example template to crs-setup.conf, and
> > > include the crs-setup.conf file in your webserver configuration before
> > > including the CRS rules. See the INSTALL file in the CRS directory for
> > > detailed instructions
> > >
> > > Best,
> > >
> > > Christian
> > >
> > > On Sat, Apr 05, 2025 at 04:02:09PM -0400, Monah Baki wrote:
> > > > Hello all,
> > > >
> > > > I am running FreeBSD 14.2 and I upgraded my owasp to v4.13.0. However I am
> > > > seeing in my http error logs the following
> > > >
> > > > [Sat Apr 05 11:24:27.646852 2025] [security2:error] [pid 96152] [client
> > > > 23.95.132.51:56151] ModSecurity: Access denied with code 500 (phase 1).
> > > > Operator EQ matched 0 at TX. [file
> > > > "/usr/local/etc/modsecurity/owasp-modsecurity-crs/rules/REQUEST-901-INITIALIZATION.conf"]
> > > > [line "64"] [id "901001"] [msg "CRS is deployed without configuration!
> > > > Please copy the crs-setup.conf.example template to crs-setup.conf, and
> > > > include the crs-setup.conf file in your webserver configuration before
> > > > including the CRS rules. See the INSTALL file in the CRS directory for
> > > > detailed instructions"] [severity "CRITICAL"] [ver "OWASP_CRS/4.13.0"] [tag
> > > > "OWASP_CRS"]
> > > >
> > > >
> > > > ls /usr/local/etc/modsecurity/owasp-modsecurity-crs
> > > > crs-setup.conf
> > > >
> > > > cat /usr/local/etc/apache24/modules.d/280_mod_security.conf
> > > > IncludeOptional /usr/local/etc/modsecurity/owasp-modsecurity-crs/crs-setup.conf
> > > > IncludeOptional /usr/local/etc/modsecurity/owasp-modsecurity-crs/plugins/*-config.conf
> > > > IncludeOptional /usr/local/etc/modsecurity/owasp-modsecurity-crs/plugins/*-before.conf
> > > > Include /usr/local/etc/modsecurity/owasp-modsecurity-crs/rules/*.conf
> > > > IncludeOptional /usr/local/etc/modsecurity/owasp-modsecurity-crs/plugins/*-after.conf
> > > >
> > > >
> > > > Thanks
> > > > Monah
> > > >
> > > > _______________________________________________
> > > > mod-security-users mailing list
> > > > mod...@li...
> > > > https://lists.sourceforge.net/lists/listinfo/mod-security-users
> > > > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs:
> > > > http://www.modsecurity.org/projects/commercial/rules/
> > > > http://www.modsecurity.org/projects/commercial/support/
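
Added example, not part of the thread or of the CRS project: a small Python checker for the two things inspected above, namely that crs-setup.conf is included before rules/*.conf and that an uncommented rule 900990 sets tx.crs_setup_version, the variable rule 901001 tests. The function names and the sample inputs are constructed for illustration.

```python
import re

def logical_lines(text):
    """Join backslash continuations, then drop blank and comment lines."""
    out, buf = [], ""
    for line in map(str.rstrip, text.splitlines()):
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        full, buf = (buf + line).strip(), ""
        if full and not full.startswith("#"):
            out.append(full)
    return out

def setup_version(setup_text):
    """Value an active rule 900990 assigns to tx.crs_setup_version, else None."""
    for d in logical_lines(setup_text):
        if d.startswith("SecAction") and re.search(r"\bid:900990\b", d):
            m = re.search(r"setvar:'?tx\.crs_setup_version=(\d+)", d)
            return int(m.group(1)) if m else None
    return None

def include_index(apache_text, pattern):
    """Position of the first Include/IncludeOptional whose path matches pattern."""
    for i, d in enumerate(logical_lines(apache_text)):
        m = re.match(r"(?i)include(?:optional)?\s+(\S+)", d)
        if m and re.search(pattern, m.group(1)):
            return i
    return None

def diagnose(apache_text, setup_text):
    """Static reasons why rule 901001 would find tx.crs_setup_version unset."""
    findings = []
    setup = include_index(apache_text, r"/crs-setup\.conf\b")
    rules = include_index(apache_text, r"/rules/[^/]*\.conf\b")
    if setup is None:
        findings.append("crs-setup.conf is never included")
    elif rules is not None and rules < setup:
        findings.append("rules are included before crs-setup.conf")
    if setup_version(setup_text) is None:
        findings.append("no active rule 900990 sets tx.crs_setup_version")
    return findings

# Constructed samples modelled on the thread, not the poster's actual files.
CRS = "/usr/local/etc/modsecurity/owasp-modsecurity-crs"
APACHE = f"IncludeOptional {CRS}/crs-setup.conf\nInclude {CRS}/rules/*.conf\n"
SETUP = r'''SecAction \
    "id:900990,phase:1,pass,t:none,nolog,\
    setvar:tx.crs_setup_version=4130"'''
print(diagnose(APACHE, SETUP))
```

The check reads the files statically, so an empty result does not show which files the running server actually loaded.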