Mod_Security(dev)+Apache+Proxy: No mod_security Rules



  • Hi guys,
        I'm facing a really strange problem in Mod_Security(dev)+Apache+Proxy. The rules options in Group Rules are blank. I created a new brand virtual machine to check if it was my installation but it's the same.

    Please see the screenshot in attachment.

    Thanks in advance!




  • Hi,

    I am seeing exactly the same thing.

    I do see this in the logs:

    Nov 17 16:00:36 php-fpm[247]: /pkg_mgr_install.php: The command '/usr/pbi/proxy_mod_security-amd64/sbin/httpd -t' returned exit code '1', the output was 'AH00526: Syntax error on line 539 of /usr/local/etc/apache24/httpd.conf: ModSecurity: No action id present within the rule'
    Nov 17 16:00:36 php-fpm[247]: /pkg_mgr_install.php: apache_mod_security_package: There was an error parsing the Apache configuration: 1

    The folder /usr/local/etc/apache24/ does not appear to exist.  httpd.conf is in this location:

    /usr/pbi/proxy_mod_security-amd64/local/etc/apache24/httpd.conf

    I can't start the service for this package but I don't see any further errors.

    Is there any way to upload the OWASP mod_security rules into the engine instead?

    Regards.

    Further to above:

    After modifying the Apache config and saving I get these errors in the console:

    Warning: opendir(/usr/pbi/proxy_mod_security-amd64/crs/base_rules): failed to open dir: No such file or directory in /usr/local/pkg/apache_mod_security.inc on line 141
    Warning: opendir(/usr/pbi/proxy_mod_security-amd64/crs/experimental_rules): failed to open dir: No such file or directory in /usr/local/pkg/apache_mod_security.inc on line 141
    Warning: opendir(/usr/pbi/proxy_mod_security-amd64/crs/optional_rules): failed to open dir: No such file or directory in /usr/local/pkg/apache_mod_security.inc on line 141
    Warning: opendir(/usr/pbi/proxy_mod_security-amd64/crs/slr_rules): failed to open dir: No such file or directory in /usr/local/pkg/apache_mod_security.inc on line 141



  • Further to the message above:

    I downloaded the SpiderLabs OWASP rules and copied them to:

    /usr/pbi/proxy_mod_security-amd64/crs

    /activated_rules
    /base_rules
    /experimental_rules
    /optional_rules
    /slr_rules

    These now appear in the mod_security Rules group configuration for selection.

    The service still won't start, the link appeared to be missing in:

    /use/local/etc

    for:

    /usr/pbi/proxy_mod_security-amd64/local/etc/apache24

    I added this but the service still doesn't start.  Still working on it.


  • Banned

    That package is completely broken. Use the non-dev version, that could have some chance of actually working after recent fixes.



  • I fixed this by editing the apache_mod_security.template file.  It was missing IDs for the SecRules.  I have attached mine here so that anyone can use it.  You can replace yours, it is in:

    /usr/local/pkg

    Remove the '.txt' extension.

    apache_mod_security.template.txt


Log in to reply