Re: [mod-security-users] Upgrade to owasp-coreruleset 4.13.0
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [mod-security-users] Upgrade to owasp-coreruleset 4.13.0
|
From: <az...@po...> - 2025-04-06 13:05:35
|
Are you using any custom rules or CRS modifications? Citát Monah Baki <mon...@gm...>: > Hi Ervin, > > Here is he output > root@waf:/usr/local/etc/apache24 # grep -A12 900990 > /usr/local/etc/modsecurity/owasp-modsecurity-crs/crs-setup.conf > "id:900990,\ > phase:1,\ > pass,\ > t:none,\ > nolog,\ > tag:'OWASP_CRS',\ > ver:'OWASP_CRS/4.13.0',\ > setvar:tx.crs_setup_version=4130" > > As far as my apache using > /usr/local/etc/apache24/modules.d/280_mod_security.conf, I am sure because > if I were to comment > LoadModule unique_id_module libexec/apache24/mod_unique_id.so > LoadModule security2_module /usr/local/modsecurity/lib/mod_security2.so > > I get > > root@waf:/home/mbaki # apachectl restart > Performing sanity check on apache24 configuration: > AH00526: Syntax error on line 97 of > /usr/local/etc/modsecurity/owasp-modsecurity-crs/crs-setup.conf: > Invalid command 'SecDefaultAction', perhaps misspelled or defined by a > module not included in the server configuration > > Thanks > Monah > > On Sun, Apr 6, 2025 at 4:54 AM Ervin Hegedüs <ai...@gm...> wrote: > >> Hi Monan, >> >> >> On Sat, Apr 05, 2025 at 04:02:09PM -0400, Monah Baki wrote: >> > >> > ls /usr/local/etc/modsecurity/owasp-modsecurity-crs >> > crs-setup.conf >> >> as Christian wrote this is very strange. >> >> Anyway, >> >> are you sure your engine use this file? >> >> > cat /usr/local/etc/apache24/modules.d/280_mod_security.conf >> >> could you replace this line: >> >> > IncludeOptional >> /usr/local/etc/modsecurity/owasp-modsecurity-crs/crs-setup.conf >> >> by this one: >> >> Include /usr/local/etc/modsecurity/owasp-modsecurity-crs/crs-setup.conf >> >> so just remote the "Optional" string. >> >> And could you show us the output of this command? >> >> grep -A12 900990 >> /usr/local/etc/modsecurity/owasp-modsecurity-crs/crs-setup.conf >> >> >> Thanks, >> >> >> a. >> >> >> >> _______________________________________________ >> mod-security-users mailing list >> mod...@li... >> https://lists.sourceforge.net/lists/listinfo/mod-security-users >> Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: >> http://www.modsecurity.org/projects/commercial/rules/ >> http://www.modsecurity.org/projects/commercial/support/ >> |
