Thread: [mod-security-users] Upgrade to owasp-coreruleset 4.13.0
From: Monah B. <mon...@gm...> - 2025-04-05 20:02:48
Hello all,

I am running FreeBSD 14.2 and I upgraded my owasp to v4.13.0. However, I am seeing in my http error logs the following:

[Sat Apr 05 11:24:27.646852 2025] [security2:error] [pid 96152] [client 23.95.132.51:56151] ModSecurity: Access denied with code 500 (phase 1). Operator EQ matched 0 at TX. [file "/usr/local/etc/modsecurity/owasp-modsecurity-crs/rules/REQUEST-901-INITIALIZATION.conf"] [line "64"] [id "901001"] [msg "CRS is deployed without configuration! Please copy the crs-setup.conf.example template to crs-setup.conf, and include the crs-setup.conf file in your webserver configuration before including the CRS rules. See the INSTALL file in the CRS directory for detailed instructions"] [severity "CRITICAL"] [ver "OWASP_CRS/4.13.0"] [tag "OWASP_CRS"]

ls /usr/local/etc/modsecurity/owasp-modsecurity-crs
crs-setup.conf

cat /usr/local/etc/apache24/modules.d/280_mod_security.conf
IncludeOptional /usr/local/etc/modsecurity/owasp-modsecurity-crs/crs-setup.conf
IncludeOptional /usr/local/etc/modsecurity/owasp-modsecurity-crs/plugins/*-config.conf
IncludeOptional /usr/local/etc/modsecurity/owasp-modsecurity-crs/plugins/*-before.conf
Include /usr/local/etc/modsecurity/owasp-modsecurity-crs/rules/*.conf
IncludeOptional /usr/local/etc/modsecurity/owasp-modsecurity-crs/plugins/*-after.conf

Thanks
Monah

From: Christian F. <chr...@ne...> - 2025-04-05 20:23:36
Hey Monah,

Are you sure the file

/usr/local/etc/modsecurity/owasp-modsecurity-crs/crs-setup.conf

exists?

The error message clearly says it can't be read:

CRS is deployed without configuration!
Please copy the crs-setup.conf.example template to crs-setup.conf, and
include the crs-setup.conf file in your webserver configuration before
including the CRS rules. See the INSTALL file in the CRS directory for
detailed instructions

Best,

Christian

From: Monah B. <mon...@gm...> - 2025-04-05 20:40:23
Hi Christian,

ls -la /usr/local/etc/modsecurity/owasp-modsecurity-crs/crs-setup.conf
-rw-r--r-- 1 mbaki mbaki 35639 Mar 31 11:18 /usr/local/etc/modsecurity/owasp-modsecurity-crs/crs-setup.conf

Also

mbaki@waf:~ $ ls -la /usr/local/etc/modsecurity/owasp-modsecurity-crs/
total 320
drwxr-xr-x 9 mbaki mbaki 1024 Apr 5 10:47 .
drwxr-xr-x 4 root wheel 512 Apr 5 10:57 ..
-rw-r--r-- 1 mbaki mbaki 518 Mar 31 11:18 .editorconfig
drwxr-xr-x 5 mbaki mbaki 512 Mar 31 11:18 .github
-rw-r--r-- 1 mbaki mbaki 661 Mar 31 11:18 .gitignore
-rw-r--r-- 1 mbaki mbaki 0 Mar 31 11:18 .gitmodules
-rw-r--r-- 1 mbaki mbaki 315 Mar 31 11:18 .linelint.yml
-rw-r--r-- 1 mbaki mbaki 432 Mar 31 11:18 .pre-commit-config.yaml
-rw-r--r-- 1 mbaki mbaki 751 Mar 31 11:18 .yamllint.yml
-rw-r--r-- 1 mbaki mbaki 144155 Mar 31 11:18 CHANGES.md
-rw-r--r-- 1 mbaki mbaki 28523 Mar 31 11:18 CONTRIBUTING.md
-rw-r--r-- 1 mbaki mbaki 6564 Mar 31 11:18 CONTRIBUTORS.md
-rw-r--r-- 1 mbaki mbaki 11489 Mar 31 11:18 INSTALL.md
-rw-r--r-- 1 mbaki mbaki 2783 Mar 31 11:18 KNOWN_BUGS.md
-rw-r--r-- 1 mbaki mbaki 11347 Mar 31 11:18 LICENSE
-rw-r--r-- 1 mbaki mbaki 2871 Mar 31 11:18 README.md
-rw-r--r-- 1 mbaki mbaki 4543 Mar 31 11:18 SECURITY.md
-rw-r--r-- 1 mbaki mbaki 89 Mar 31 11:18 SPONSORS.md
-rw-r--r-- 1 mbaki mbaki 35639 Mar 31 11:18 crs-setup.conf
drwxr-xr-x 2 mbaki mbaki 512 Mar 31 11:18 docs
drwxr-xr-x 2 mbaki mbaki 512 Mar 31 11:18 plugins
drwxr-xr-x 4 mbaki mbaki 2560 Mar 31 11:18 regex-assembly
-rw-r--r-- 1 mbaki mbaki 222 Mar 31 11:18 renovate.json
drwxr-xr-x 2 mbaki mbaki 2048 Apr 5 09:55 rules
drwxr-xr-x 5 mbaki mbaki 512 Mar 31 11:18 tests
drwxr-xr-x 5 mbaki mbaki 512 Mar 31 11:18 util

Thanks
Monah

From: Christian F. <chr...@ne...> - 2025-04-05 23:15:43
Hey Monah,

This is very strange. Filename, location and permissions look ok.

Can you show us rule 900990 from crs-setup.conf, where tx.crs_setup_version
is being set?

Best,

Christian

From: Monah B. <mon...@gm...> - 2025-04-06 01:32:11
Of course

SecAction \
    "id:900990,\
    phase:1,\
    pass,\
    t:none,\
    nolog,\
    tag:'OWASP_CRS',\
    ver:'OWASP_CRS/4.13.0',\
    setvar:tx.crs_setup_version=4130"

Thanks

From: Ervin H. <ai...@gm...> - 2025-04-06 08:51:58
Hi Monah,

On Sat, Apr 05, 2025 at 04:02:09PM -0400, Monah Baki wrote:
>
> ls /usr/local/etc/modsecurity/owasp-modsecurity-crs
> crs-setup.conf

as Christian wrote this is very strange.

Anyway,

are you sure your engine uses this file?

> cat /usr/local/etc/apache24/modules.d/280_mod_security.conf

could you replace this line:

> IncludeOptional /usr/local/etc/modsecurity/owasp-modsecurity-crs/crs-setup.conf

by this one:

Include /usr/local/etc/modsecurity/owasp-modsecurity-crs/crs-setup.conf

so just remove the "Optional" string.

And could you show us the output of this command?

grep -A12 900990 /usr/local/etc/modsecurity/owasp-modsecurity-crs/crs-setup.conf

Thanks,

a.

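A static version of the checks asked for in the messages above (is crs-setup.conf included before the rules, is that include optional, does an active rule 900990 set tx.crs_setup_version), as an added example that is not part of the thread or of CRS. The sample inputs are constructed from the files quoted in this thread; the function names and finding labels are hypothetical.

```python
import re

# Constructed sample: the include lines quoted in the first message.
APACHE_CONF = """\
IncludeOptional /usr/local/etc/modsecurity/owasp-modsecurity-crs/crs-setup.conf
IncludeOptional /usr/local/etc/modsecurity/owasp-modsecurity-crs/plugins/*-config.conf
IncludeOptional /usr/local/etc/modsecurity/owasp-modsecurity-crs/plugins/*-before.conf
Include /usr/local/etc/modsecurity/owasp-modsecurity-crs/rules/*.conf
IncludeOptional /usr/local/etc/modsecurity/owasp-modsecurity-crs/plugins/*-after.conf
"""

# Constructed sample: rule 900990 as quoted in the thread.
SETUP_ACTIVE = '''\
SecAction \\
    "id:900990,\\
    phase:1,\\
    pass,\\
    t:none,\\
    nolog,\\
    tag:'OWASP_CRS',\\
    ver:'OWASP_CRS/4.13.0',\\
    setvar:tx.crs_setup_version=4130"
'''

# Constructed counter-example: the same rule with every line commented out.
SETUP_COMMENTED = "".join("#" + l for l in SETUP_ACTIVE.splitlines(True))


def logical_lines(text):
    """Join backslash-continued lines, then drop blank and comment lines."""
    out, buf = [], ""
    for raw in text.splitlines():
        if raw.endswith("\\"):
            buf += raw[:-1]
            continue
        line = (buf + raw).strip()
        buf = ""
        if line and not line.startswith("#"):
            out.append(line)
    return out


def setup_version(setup_text):
    """Return the value an active SecAction id:900990 assigns, else None."""
    for line in logical_lines(setup_text):
        if not re.match(r"SecAction\b", line, re.I):
            continue
        if not re.search(r"\bid:\s*'?900990\b", line):
            continue
        m = re.search(r"setvar:'?tx\.crs_setup_version=(\d+)", line, re.I)
        return m.group(1) if m else None
    return None


def includes(apache_text):
    """List (directive, path) for every Include / IncludeOptional line."""
    found = []
    for line in logical_lines(apache_text):
        m = re.match(r"(Include(?:Optional)?)\s+(\S+)", line, re.I)
        if m:
            found.append((m.group(1), m.group(2).strip('"')))
    return found


def diagnose(apache_text, setup_text):
    """Return finding labels; an empty list means nothing was flagged."""
    findings = []
    inc = includes(apache_text)
    setup_at = [i for i, (_, p) in enumerate(inc) if p.endswith("/crs-setup.conf")]
    rules_at = [i for i, (_, p) in enumerate(inc) if p.endswith("/rules/*.conf")]
    if not setup_at:
        findings.append("no-setup-include")
    elif rules_at and setup_at[0] > rules_at[0]:
        # Rule 901001 would run before tx.crs_setup_version is set.
        findings.append("setup-included-after-rules")
    if setup_at and inc[setup_at[0]][0].lower() == "includeoptional":
        # IncludeOptional skips a missing path silently; Include reports it.
        findings.append("setup-include-is-optional")
    if setup_version(setup_text) is None:
        findings.append("rule-900990-not-active")
    return findings


if __name__ == "__main__":
    print("as quoted in the thread:", diagnose(APACHE_CONF, SETUP_ACTIVE))
    print("with 900990 commented out:", diagnose(APACHE_CONF, SETUP_COMMENTED))
```

On the configuration quoted in this thread the only finding is the optional include, so the check narrows the problem down rather than explaining it; it reads the text of the files and does not show what the running server actually loaded.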
From: Monah B. <mon...@gm...> - 2025-04-06 11:10:44
Hi Ervin,

Here is the output

root@waf:/usr/local/etc/apache24 # grep -A12 900990 /usr/local/etc/modsecurity/owasp-modsecurity-crs/crs-setup.conf
    "id:900990,\
    phase:1,\
    pass,\
    t:none,\
    nolog,\
    tag:'OWASP_CRS',\
    ver:'OWASP_CRS/4.13.0',\
    setvar:tx.crs_setup_version=4130"

As far as my apache using /usr/local/etc/apache24/modules.d/280_mod_security.conf, I am sure because if I were to comment

LoadModule unique_id_module libexec/apache24/mod_unique_id.so
LoadModule security2_module /usr/local/modsecurity/lib/mod_security2.so

I get

root@waf:/home/mbaki # apachectl restart
Performing sanity check on apache24 configuration:
AH00526: Syntax error on line 97 of /usr/local/etc/modsecurity/owasp-modsecurity-crs/crs-setup.conf:
Invalid command 'SecDefaultAction', perhaps misspelled or defined by a module not included in the server configuration

Thanks
Monah

From: <az...@po...> - 2025-04-06 13:05:35
Are you using any custom rules or CRS modifications?

From: Monah B. <mon...@gm...> - 2025-04-06 13:19:03
No custom rules.

What I did is I renamed my owasp 4.13.0 to a different folder and moved my owasp crs 4.8.0 back to its original folder, restarted apache and from another machine typed the following:

curl -I https://osisolutions.net/index.php?f=/../../../../../etc/passwd

root@waf:/usr/local/etc/modsecurity # tail -f /var/log/httpd/osisolutions-error_log

[Sun Apr 06 09:10:54.062738 2025] [security2:error] [pid 47174] [client 71.126.165.145:53450] ModSecurity: Warning. Pattern match "(?i)(?:[/\\\\x5c]|%(?:2(?:f|5(?:2f|5c|c(?:1%259c|0%25af))|%46)|5c|c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|(?:bg%q|(?:e|f(?:8%8)?0%8)0%80%a)f|u(?:221[56]|EFC8|F025|002f)|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|1u)|0x(?:2f|5c))(?:\\\\.(?:%0[01]|\\\\?)?|\\\\?\\\\.?|%(?:2( ..." at REQUEST_URI_RAW. [file "/usr/local/etc/modsecurity/owasp-modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "53"] [id "930100"] [msg "Path Traversal Attack (/../) or (/.../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /index.php?f=/../../../../../etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/4.8.0-dev"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [hostname "osisolutions.net"] [uri "/index.php"] [unique_id "Z_J9XgOebQ1Fdmj9nC2ctgAAAAA"]

[Sun Apr 06 09:10:54.063066 2025] [security2:error] [pid 47174] [client 71.126.165.145:53450] ModSecurity: Warning. Pattern match "(?i)(?:[/\\\\x5c]|%(?:2(?:f|5(?:2f|5c|c(?:1%259c|0%25af))|%46)|5c|c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|(?:bg%q|(?:e|f(?:8%8)?0%8)0%80%a)f|u(?:221[56]|EFC8|F025|002f)|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|1u)|0x(?:2f|5c))(?:\\\\.(?:%0[01]|\\\\?)?|\\\\?\\\\.?|%(?:2( ..." at ARGS:f. [file "/usr/local/etc/modsecurity/owasp-modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "53"] [id "930100"] [msg "Path Traversal Attack (/../) or (/.../)"] [data "Matched Data: /../ found within ARGS:f: /../../../../../etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/4.8.0-dev"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [hostname "osisolutions.net"] [uri "/index.php"] [unique_id "Z_J9XgOebQ1Fdmj9nC2ctgAAAAA"]

[Sun Apr 06 09:10:54.063240 2025] [security2:error] [pid 47174] [client 71.126.165.145:53450] ModSecurity: Warning. Pattern match "(?:(?:^|[\\\\x5c/;])\\\\.{2,3}[\\\\x5c/;]|[\\\\x5c/;]\\\\.{2,3}(?:[\\\\x5c/;]|$))" at REQUEST_URI. [file "/usr/local/etc/modsecurity/owasp-modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "86"] [id "930110"] [msg "Path Traversal Attack (/../) or (/.../)"] [data "Matched Data: /../ found within REQUEST_URI: /index.php?f=/../../../../../etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/4.8.0-dev"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [hostname "osisolutions.net"] [uri "/index.php"] [unique_id "Z_J9XgOebQ1Fdmj9nC2ctgAAAAA"]

[Sun Apr 06 09:10:54.063389 2025] [security2:error] [pid 47174] [client 71.126.165.145:53450] ModSecurity: Warning. Pattern match "(?:(?:^|[\\\\x5c/;])\\\\.{2,3}[\\\\x5c/;]|[\\\\x5c/;]\\\\.{2,3}(?:[\\\\x5c/;]|$))" at REQUEST_URI. [file "/usr/local/etc/modsecurity/owasp-modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "86"] [id "930110"] [msg "Path Traversal Attack (/../) or (/.../)"] [data "Matched Data: /../ found within REQUEST_URI: /index.php?f=/../../../../../etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/4.8.0-dev"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [hostname "osisolutions.net"] [uri "/index.php"] [unique_id "Z_J9XgOebQ1Fdmj9nC2ctgAAAAA"]

Went and reverted back my owasp 4.13.0 folder and ran the same curl command and got

[Sun Apr 06 09:12:38.731325 2025] [security2:error] [pid 47228] [client 71.126.165.145:57026] ModSecurity: Access denied with code 500 (phase 1). Operator EQ matched 0 at TX. [file "/usr/local/etc/modsecurity/owasp-modsecurity-crs/rules/REQUEST-901-INITIALIZATION.conf"] [line "64"] [id "901001"] [msg "CRS is deployed without configuration! Please copy the crs-setup.conf.example template to crs-setup.conf, and include the crs-setup.conf file in your webserver configuration before including the CRS rules. See the INSTALL file in the CRS directory for detailed instructions"] [severity "CRITICAL"] [ver "OWASP_CRS/4.13.0"] [tag "OWASP_CRS"] [hostname "osisolutions.net"] [uri "/index.php"] [unique_id "Z_J9xiNCfPcpnd_qywN4xQAAAAA"]

From: Andrew H. <and...@ow...> - 2025-04-06 18:34:21
|
Hi Monah,

If in doubt, a concrete troubleshooting step would be to enable debug logging (to the highest level), re-test, and see precisely what is (and what is not) happening.

You should be able to observe in the debug log:

* Rule 900990 executing
* The action setvar:tx.crs_setup_version=4130 being executed
* Rule 901001 executing
* The operator &TX:crs_setup_version "@eq 0" being evaluated

Thanks,
Andrew

On Sun, 6 Apr 2025 at 14:19, Monah Baki <mon...@gm...> wrote:
>
> No custom rules.
>
> What I did is I renamed my owasp 4.13.0 to a different folder and moved my owasp crs 4.8.0 back to its original folder, restarted apache and from another machine typed the following:
> curl -I https://osisolutions.net/index.php?f=/../../../../../etc/passwd
>
> root@waf:/usr/local/etc/modsecurity # tail -f /var/log/httpd/osisolutions-error_log
> [Sun Apr 06 09:10:54.062738 2025] [security2:error] [pid 47174] [client 71.126.165.145:53450] ModSecurity: Warning. Pattern match "(?i)(?:[/\\\\x5c]|%(?:2(?:f|5(?:2f|5c|c(?:1%259c|0%25af))|%46)|5c|c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|(?:bg%q|(?:e|f(?:8%8)?0%8)0%80%a)f|u(?:221[56]|EFC8|F025|002f)|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|1u)|0x(?:2f|5c))(?:\\\\.(?:%0[01]|\\\\?)?|\\\\?\\\\.?|%(?:2( ..." at REQUEST_URI_RAW. [file "/usr/local/etc/modsecurity/owasp-modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "53"] [id "930100"] [msg "Path Traversal Attack (/../) or (/.../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /index.php?f=/../../../../../etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/4.8.0-dev"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [hostname "osisolutions.net"] [uri "/index.php"] [unique_id "Z_J9XgOebQ1Fdmj9nC2ctgAAAAA"]
> [Sun Apr 06 09:10:54.063066 2025] [security2:error] [pid 47174] [client 71.126.165.145:53450] ModSecurity: Warning. Pattern match "(?i)(?:[/\\\\x5c]|%(?:2(?:f|5(?:2f|5c|c(?:1%259c|0%25af))|%46)|5c|c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|(?:bg%q|(?:e|f(?:8%8)?0%8)0%80%a)f|u(?:221[56]|EFC8|F025|002f)|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|1u)|0x(?:2f|5c))(?:\\\\.(?:%0[01]|\\\\?)?|\\\\?\\\\.?|%(?:2( ..." at ARGS:f. [file "/usr/local/etc/modsecurity/owasp-modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "53"] [id "930100"] [msg "Path Traversal Attack (/../) or (/.../)"] [data "Matched Data: /../ found within ARGS:f: /../../../../../etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/4.8.0-dev"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [hostname "osisolutions.net"] [uri "/index.php"] [unique_id "Z_J9XgOebQ1Fdmj9nC2ctgAAAAA"]
> [Sun Apr 06 09:10:54.063240 2025] [security2:error] [pid 47174] [client 71.126.165.145:53450] ModSecurity: Warning. Pattern match "(?:(?:^|[\\\\x5c/;])\\\\.{2,3}[\\\\x5c/;]|[\\\\x5c/;]\\\\.{2,3}(?:[\\\\x5c/;]|$))" at REQUEST_URI. [file "/usr/local/etc/modsecurity/owasp-modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "86"] [id "930110"] [msg "Path Traversal Attack (/../) or (/.../)"] [data "Matched Data: /../ found within REQUEST_URI: /index.php?f=/../../../../../etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/4.8.0-dev"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [hostname "osisolutions.net"] [uri "/index.php"] [unique_id "Z_J9XgOebQ1Fdmj9nC2ctgAAAAA"]
> [Sun Apr 06 09:10:54.063389 2025] [security2:error] [pid 47174] [client 71.126.165.145:53450] ModSecurity: Warning. Pattern match "(?:(?:^|[\\\\x5c/;])\\\\.{2,3}[\\\\x5c/;]|[\\\\x5c/;]\\\\.{2,3}(?:[\\\\x5c/;]|$))" at REQUEST_URI. [file "/usr/local/etc/modsecurity/owasp-modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "86"] [id "930110"] [msg "Path Traversal Attack (/../) or (/.../)"] [data "Matched Data: /../ found within REQUEST_URI: /index.php?f=/../../../../../etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/4.8.0-dev"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [hostname "osisolutions.net"] [uri "/index.php"] [unique_id "Z_J9XgOebQ1Fdmj9nC2ctgAAAAA"]
>
> Went and reverted back my owasp 4.13.0 folder and ran the same curl command and got
>
> [Sun Apr 06 09:12:38.731325 2025] [security2:error] [pid 47228] [client 71.126.165.145:57026] ModSecurity: Access denied with code 500 (phase 1). Operator EQ matched 0 at TX. [file "/usr/local/etc/modsecurity/owasp-modsecurity-crs/rules/REQUEST-901-INITIALIZATION.conf"] [line "64"] [id "901001"] [msg "CRS is deployed without configuration! Please copy the crs-setup.conf.example template to crs-setup.conf, and include the crs-setup.conf file in your webserver configuration before including the CRS rules. See the INSTALL file in the CRS directory for detailed instructions"] [severity "CRITICAL"] [ver "OWASP_CRS/4.13.0"] [tag "OWASP_CRS"] [hostname "osisolutions.net"] [uri "/index.php"] [unique_id "Z_J9xiNCfPcpnd_qywN4xQAAAAA"]
>
> On Sun, Apr 6, 2025 at 9:08 AM <az...@po...> wrote:
>>
>> Are you using any custom rules or CRS modifications?
>>
>> Quoting Monah Baki <mon...@gm...>:
>>
>> > Hi Ervin,
>> >
>> > Here is the output
>> > root@waf:/usr/local/etc/apache24 # grep -A12 900990
>> > /usr/local/etc/modsecurity/owasp-modsecurity-crs/crs-setup.conf
>> > "id:900990,\
>> > phase:1,\
>> > pass,\
>> > t:none,\
>> > nolog,\
>> > tag:'OWASP_CRS',\
>> > ver:'OWASP_CRS/4.13.0',\
>> > setvar:tx.crs_setup_version=4130"
>> >
>> > As far as my apache using
>> > /usr/local/etc/apache24/modules.d/280_mod_security.conf, I am sure because
>> > if I were to comment
>> > LoadModule unique_id_module libexec/apache24/mod_unique_id.so
>> > LoadModule security2_module /usr/local/modsecurity/lib/mod_security2.so
>> >
>> > I get
>> >
>> > root@waf:/home/mbaki # apachectl restart
>> > Performing sanity check on apache24 configuration:
>> > AH00526: Syntax error on line 97 of
>> > /usr/local/etc/modsecurity/owasp-modsecurity-crs/crs-setup.conf:
>> > Invalid command 'SecDefaultAction', perhaps misspelled or defined by a
>> > module not included in the server configuration
>> >
>> > Thanks
>> > Monah
>> >
>> > On Sun, Apr 6, 2025 at 4:54 AM Ervin Hegedüs <ai...@gm...> wrote:
>> >
>> >> Hi Monah,
>> >>
>> >> On Sat, Apr 05, 2025 at 04:02:09PM -0400, Monah Baki wrote:
>> >> >
>> >> > ls /usr/local/etc/modsecurity/owasp-modsecurity-crs
>> >> > crs-setup.conf
>> >>
>> >> as Christian wrote this is very strange.
>> >>
>> >> Anyway,
>> >>
>> >> are you sure your engine uses this file?
>> >>
>> >> > cat /usr/local/etc/apache24/modules.d/280_mod_security.conf
>> >>
>> >> could you replace this line:
>> >>
>> >> > IncludeOptional /usr/local/etc/modsecurity/owasp-modsecurity-crs/crs-setup.conf
>> >>
>> >> by this one:
>> >>
>> >> Include /usr/local/etc/modsecurity/owasp-modsecurity-crs/crs-setup.conf
>> >>
>> >> so just remove the "Optional" string.
>> >>
>> >> And could you show us the output of this command?
>> >>
>> >> grep -A12 900990
>> >> /usr/local/etc/modsecurity/owasp-modsecurity-crs/crs-setup.conf
>> >>
>> >> Thanks,
>> >>
>> >> a.
|
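The four debug-log checkpoints Andrew lists can be checked mechanically once the log is captured. The following is an added example, not part of the original thread or of ModSecurity/CRS: it groups debug-log lines by request and reports the first checkpoint that is missing. The sample lines, host and rule handles are constructed, and the message wording (modelled on ModSecurity 2.x level-9 debug output) is an assumption.

```python
import re

# Message wording modelled on ModSecurity 2.x level-9 debug output (an assumption; adjust to your log).
RID = re.compile(r'\[rid#([^\]]+)\]')
INVOKE = re.compile(r'Recipe: Invoking rule .*\[id "(\d+)"\]')
SETVAR = re.compile(r'Setting variable: tx\.crs_setup_version=(\d+)')
OPERATOR = re.compile(r'Executing operator "eq" with param "0" against &TX:crs_setup_version')
TARGET = re.compile(r'Target value: "(\d+)"')

def trace(lines):  # group lines by request id and record the four checkpoints
    txs = {}
    for line in lines:
        rid = RID.search(line)
        if not rid:
            continue
        tx = txs.setdefault(rid.group(1), {"rules": [], "setvar": None, "count": None, "wait": False})
        if (m := INVOKE.search(line)):
            tx["rules"].append(m.group(1))
        elif (m := SETVAR.search(line)):
            tx["setvar"] = m.group(1)
        elif OPERATOR.search(line):
            tx["wait"] = True  # the next "Target value" line belongs to 901001
        elif tx["wait"] and (m := TARGET.search(line)):
            tx["count"], tx["wait"] = int(m.group(1)), False
    return txs

def diagnose(tx):  # first missing checkpoint, or an "ok" line
    rules = tx["rules"]
    if "900990" not in rules:
        return "900990 never ran in this request: crs-setup.conf was not applied"
    if "901001" in rules and rules.index("900990") > rules.index("901001"):
        return "900990 ran after 901001: crs-setup.conf is included too late"
    if tx["setvar"] is None:
        return "900990 ran but setvar:tx.crs_setup_version was not executed"
    if tx["count"] == 0:
        return "setvar ran but &TX:crs_setup_version is 0 when 901001 tests it"
    return "ok: tx.crs_setup_version=%s" % tx["setvar"]

# Constructed sample (hypothetical host and ids): request A healthy, request B failing.
PFX = "[06/Apr/2025:09:12:38 --0400] [example.test/sid#1][rid#%s][/index.php]%s"
R901_MSG = '[4] Recipe: Invoking rule 2b; [file "REQUEST-901-INITIALIZATION.conf"] [id "901001"].'
OP_MSG = '[4] Executing operator "eq" with param "0" against &TX:crs_setup_version.'
SAMPLE = [PFX % ("A", m) for m in ('[4] Recipe: Invoking rule 1a; [file "crs-setup.conf"] [id "900990"].',
          "[9] Setting variable: tx.crs_setup_version=4130", R901_MSG, OP_MSG, '[9] Target value: "1"')]
SAMPLE += [PFX % ("B", m) for m in (R901_MSG, OP_MSG, '[9] Target value: "0"')]

if __name__ == "__main__":
    for rid, tx in trace(SAMPLE).items():
        print(rid, "->", diagnose(tx))
```

Request B reproduces the situation in the thread: rule 901001 evaluates `&TX:crs_setup_version` while rule 900990 never appears for that request.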