Re: [mod-security-users] modsec working but failing with core rules
From: Edward P. <edw...@ne...> - 2007-01-23 10:07:03
Thanks for your reply - I think you might have hit the nail on the head, I'm running this version of mod security:

ModSecurity for Apache 1.x, http://www.modsecurity.org/
$Id: mod_security.c,v 1.269.2.5 2005/11/30 15:16:52 ivanr Exp $

Does mod security 2 work with apache 1?

I obtained the core rules from here:
http://www.modsecurity.org/download/modsecurity-core-rules_2.0-1.2.tar.gz

Extracts from my httpd.conf:

LoadModule security_module libexec/mod_security.so
AddModule mod_security.c
Include "/usr/local/apache/conf/modsec.conf"

-----Original Message-----
From: Ofer Shezaf [mailto:OferS@Breach.com]
Sent: 23 January 2007 09:50
To: Edward Prendergast; mod...@li...
Subject: RE: [mod-security-users] modsec working but failing with core rules

Please note that the core rule set works only with ModSecurity 2.x. If you are using version 2.0, the fact that this directive, which is the 1st ModSecurity directive, is not accepted indicates that ModSecurity is not loaded correctly.

Can you send the directive used to load ModSecurity .so and to include the Core Rule Set so we can further assist?

Thanks
~ Ofer

> -----Original Message-----
> From: mod...@li... [mailto:mod-sec...@li...] On Behalf Of Edward Prendergast
> Sent: Tuesday, January 23, 2007 11:38 AM
> To: mod...@li...
> Subject: [mod-security-users] modsec working but failing with core rules
>
> Hi,
>
> I have modsecurity installed and loaded - I ran a test attack through and it
> got caught by mod security and a note added to the audit log. However, when
> I try and add core rules I get the following error:
>
> Syntax error on line 53 of /etc/httpd/conf/modsecurity_crs_10_config.conf:
> Invalid command 'SecRuleEngine', perhaps misspelled or defined by a module
> not included in the server configuration
>
> I'm adding these rules to an already working configuration (using Include...
> lines in my modsec.conf) which is why I'm not sure where to start debugging.
>
> I'm running Apache/1.3.37 (Unix) mod_auth_passthrough/1.8 mod_log_bytes/1.2
> mod_bwlimited/1.4 FrontPage/5.0.2.2635.SR1.2 mod_ssl/2.8.28 OpenSSL/0.9.7a,
> It's a distro install on Red Hat Enterprise Linux ES release 4 (Nahant
> Update 4).
>
> Thanks,
> Edward
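
A pre-flight check for the mismatch diagnosed in this thread, as an added example that is not part of the original messages or of the ModSecurity project: it compares the ModSecurity generation loaded by `LoadModule` with the generation each rule-file directive needs, which is the condition behind Apache's "Invalid command" error. The function names are hypothetical, the 2.x directive list is a small subset, and the rule-file contents are constructed samples.

```python
import re

# LoadModule symbol -> ModSecurity generation.
MODULE_GENERATION = {"security_module": 1, "security2_module": 2}
# Subset of 2.x-only directives (assumption: not exhaustive); 1.x-only ones start with SecFilter.
V2_ONLY = {"secruleengine", "secrule", "secdefaultaction", "secrequestbodyaccess"}

def loaded_generation(httpd_conf):
    """Return the ModSecurity generation loaded via LoadModule, or None."""
    for line in httpd_conf.splitlines():
        m = re.match(r"\s*LoadModule\s+(\S+)\s+\S+", line, re.IGNORECASE)
        if m and m.group(1) in MODULE_GENERATION:
            return MODULE_GENERATION[m.group(1)]
    return None

def directive_generation(name):
    """Return 1 or 2 for version-specific directives, None if shared or unknown."""
    lowered = name.lower()  # Apache directive names are case-insensitive
    if lowered.startswith("secfilter"):
        return 1
    return 2 if lowered in V2_ONLY else None

def find_mismatches(httpd_conf, rule_files):
    """Return (loaded, [(file, line, directive, needed)]) for directives Apache will reject."""
    loaded = loaded_generation(httpd_conf)
    problems = []
    for fname, text in rule_files.items():
        for lineno, line in enumerate(text.splitlines(), 1):
            tokens = line.split()
            if not tokens or tokens[0].startswith("#"):
                continue  # skip blank lines and comments
            needed = directive_generation(tokens[0])
            if needed is not None and needed != loaded:
                problems.append((fname, lineno, tokens[0], needed))
    return loaded, problems

# httpd.conf extract as posted in the thread.
HTTPD_CONF = '''LoadModule security_module libexec/mod_security.so
AddModule mod_security.c
Include "/usr/local/apache/conf/modsec.conf"
'''
# Constructed file contents; only the file names and SecRuleEngine come from the thread.
RULE_FILES = {
    "modsec.conf": "SecFilterEngine On\n",
    "modsecurity_crs_10_config.conf": "# constructed sample\nSecRuleEngine On\n",
}

if __name__ == "__main__":
    for fname, lineno, name, needed in find_mismatches(HTTPD_CONF, RULE_FILES)[1]:
        print(f"{fname}:{lineno}: {name} needs ModSecurity {needed}.x")
```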