Mod_Security with CRS
I am having trouble in browsing localhost when I turn the ServerEngineOn in Mod secuirty with CRS. Can anyone help?
-
Did you checked the Apache error log and Is there any Rule causing the blockage ? If so Please either remove that rule from Modsec or whitelist the rule server wide 0 -
[Tue May 30 17:01:56.642719 2017] [:error] [pid 17427] [client 127.0.0.1] ModSecurity: Access denied with code 500 (phase 1). Operator EQ matched 0 at TX. [file "/usr/share/modsecurity-crs/activated_rules/REQUEST-901-INITIALIZATION.conf"> [line "61"> [id "901001"> [msg "ModSecurity Core Rule Set is deployed without configuration! Please copy the crs-setup.conf.example template to crs-setup.conf, and include the crs-setup.conf file in your webserver configuration before including the CRS rules. See the INSTALL file in the CRS directory for detailed instructions."> [severity "CRITICAL"> [hostname "127.0.0.1"> [uri "/mutillidae/index.php"> [unique_id "WS355H8AAQEAAEQTtGoAAAAB">
This is the error, I am getting. What next should I do?0 -
Are you sure you're using cPanel? Sounds like you should rename OWASP3/crs-setup.conf.example to crs-setup.conf Then restart apache. 0 -
Seems issue is with configuration . Please check with your server admin about the same and confirm things are setup correctly 0 -
I used SecRuleRemoveById 901001 and it worked...is it correct ? 0 -
If you want the rule-set to be silent about being deployed without a configuration file then it is correct. I doubt that is what you want though. 0 -
Hello, You may also want to review the following thread if you are using the OWASP core ruleset: SOLVED - Issues with modsecurity OWASP and false positives. Thank you. 0 -
No, I don't want to disable the rule set. I am not using cpanel but the OWASP CRS only. I have already renamed the .example file into .conf file while installation, I don't why know Mod_security is giving the same error while running mutillidae in localhost or even loading a simple html page, I made in /var/www/html, when I turn the serverengine on. 0 -
OK. The fact that the ...REQUEST-901-INITIALIZATION.conf"> [line "61"> [id "901001"> [msg "ModSecurity Core Rule Set is... error is being generated shows 3 things. 1 modsecurity.conf is being included into httpd.conf (SecRuleEngine On is being read for 901001 to trigger) 2 Modsecurity is installed and working (almost) 3 The rule .conf files linked to in the activated_rules directory are in fact being included into the Apache httpd.conf when it is built. The crs-setup.conf file is not being included into the httpd.conf when it is built. (httpd.conf is built each time you restart Apache) If you look at your modsecurity.conf file I would expect it to have lines like this... Include "/usr/share/modsecurity-crs/*.conf" Include "/usr/share/modsecurity-crs/activated_rules/*.conf"
The path may be different in your environment. In your installation the first line is not working for some reason. The second line is working. Look for a typo in the first line. Look for a typo in the actual name of crs-setup.conf (you said you edited it during installation) If you change anything restart Apache. Test. I do not recognize the word "serverengine" SecRuleEngine On seems to make more sense in this context. As the original post is off topic for these forums (this is a cPanel forum, not a modsecurity forum) this will be my last contribution to this thread. Good luck with your project. (assignment?)0
Please sign in to leave a comment.
Comments
9 comments