Re: [mod-security-users] Upgrade to owasp-coreruleset 4.13.0
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [mod-security-users] Upgrade to owasp-coreruleset 4.13.0
|
From: Monah B. <mon...@gm...> - 2025-04-06 11:10:44
|
Hi Ervin,
Here is he output
root@waf:/usr/local/etc/apache24 # grep -A12 900990
/usr/local/etc/modsecurity/owasp-modsecurity-crs/crs-setup.conf
"id:900990,\
phase:1,\
pass,\
t:none,\
nolog,\
tag:'OWASP_CRS',\
ver:'OWASP_CRS/4.13.0',\
setvar:tx.crs_setup_version=4130"
As far as my apache using
/usr/local/etc/apache24/modules.d/280_mod_security.conf, I am sure because
if I were to comment
LoadModule unique_id_module libexec/apache24/mod_unique_id.so
LoadModule security2_module /usr/local/modsecurity/lib/mod_security2.so
I get
root@waf:/home/mbaki # apachectl restart
Performing sanity check on apache24 configuration:
AH00526: Syntax error on line 97 of
/usr/local/etc/modsecurity/owasp-modsecurity-crs/crs-setup.conf:
Invalid command 'SecDefaultAction', perhaps misspelled or defined by a
module not included in the server configuration
Thanks
Monah
On Sun, Apr 6, 2025 at 4:54 AM Ervin Hegedüs <ai...@gm...> wrote:
> Hi Monan,
>
>
> On Sat, Apr 05, 2025 at 04:02:09PM -0400, Monah Baki wrote:
> >
> > ls /usr/local/etc/modsecurity/owasp-modsecurity-crs
> > crs-setup.conf
>
> as Christian wrote this is very strange.
>
> Anyway,
>
> are you sure your engine use this file?
>
> > cat /usr/local/etc/apache24/modules.d/280_mod_security.conf
>
> could you replace this line:
>
> > IncludeOptional
> /usr/local/etc/modsecurity/owasp-modsecurity-crs/crs-setup.conf
>
> by this one:
>
> Include /usr/local/etc/modsecurity/owasp-modsecurity-crs/crs-setup.conf
>
> so just remote the "Optional" string.
>
> And could you show us the output of this command?
>
> grep -A12 900990
> /usr/local/etc/modsecurity/owasp-modsecurity-crs/crs-setup.conf
>
>
> Thanks,
>
>
> a.
>
>
>
> _______________________________________________
> mod-security-users mailing list
> mod...@li...
> https://lists.sourceforge.net/lists/listinfo/mod-security-users
> Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs:
> http://www.modsecurity.org/projects/commercial/rules/
> http://www.modsecurity.org/projects/commercial/support/
>
|
