Netgate Discussion Forum

Mod_Security(dev)+Apache+Proxy: No mod_security Rules

pfSense Packages
  • diegol88
    last edited by Oct 16, 2015, 3:06 PM

    Hi guys,
    I'm facing a really strange problem in Mod_Security(dev)+Apache+Proxy. The rules options in Group Rules are blank. I created a brand new virtual machine to check if it was my installation but it's the same.

    Please see the screenshot in attachment.

    Thanks in advance!

    print.png

    • tudorjames
      last edited by Nov 23, 2015, 1:40 PM Nov 23, 2015, 12:22 PM

      Hi,

      I am seeing exactly the same thing.

      I do see this in the logs:

      Nov 17 16:00:36 php-fpm[247]: /pkg_mgr_install.php: The command '/usr/pbi/proxy_mod_security-amd64/sbin/httpd -t' returned exit code '1', the output was 'AH00526: Syntax error on line 539 of /usr/local/etc/apache24/httpd.conf: ModSecurity: No action id present within the rule'
      Nov 17 16:00:36 php-fpm[247]: /pkg_mgr_install.php: apache_mod_security_package: There was an error parsing the Apache configuration: 1

      The folder /usr/local/etc/apache24/ does not appear to exist.  httpd.conf is in this location:

      /usr/pbi/proxy_mod_security-amd64/local/etc/apache24/httpd.conf

      I can't start the service for this package but I don't see any further errors.

      Is there any way to upload the OWASP mod_security rules into the engine instead?

      Regards.

      Further to above:

      After modifying the Apache config and saving I get these errors in the console:

      Warning: opendir(/usr/pbi/proxy_mod_security-amd64/crs/base_rules): failed to open dir: No such file or directory in /usr/local/pkg/apache_mod_security.inc on line 141
      Warning: opendir(/usr/pbi/proxy_mod_security-amd64/crs/experimental_rules): failed to open dir: No such file or directory in /usr/local/pkg/apache_mod_security.inc on line 141
      Warning: opendir(/usr/pbi/proxy_mod_security-amd64/crs/optional_rules): failed to open dir: No such file or directory in /usr/local/pkg/apache_mod_security.inc on line 141
      Warning: opendir(/usr/pbi/proxy_mod_security-amd64/crs/slr_rules): failed to open dir: No such file or directory in /usr/local/pkg/apache_mod_security.inc on line 141

      • tudorjames
        last edited by Nov 23, 2015, 1:59 PM

        Further to the message above:

        I downloaded the SpiderLabs OWASP rules and copied them to:

        /usr/pbi/proxy_mod_security-amd64/crs

        /activated_rules
        /base_rules
        /experimental_rules
        /optional_rules
        /slr_rules

        These now appear in the mod_security Rules group configuration for selection.

        The service still won't start; the link appeared to be missing in:

        /usr/local/etc

        for:

        /usr/pbi/proxy_mod_security-amd64/local/etc/apache24

        I added this but the service still doesn't start.  Still working on it.

        • doktornotor Banned
          last edited by Nov 23, 2015, 4:53 PM

          That package is completely broken. Use the non-dev version, that could have some chance of actually working after recent fixes.

          • tudorjames
            last edited by Nov 23, 2015, 5:38 PM

            I fixed this by editing the apache_mod_security.template file.  It was missing IDs for the SecRules.  I have attached mine here so that anyone can use it.  You can replace yours, it is in:

            /usr/local/pkg

            Remove the '.txt' extension.

            apache_mod_security.template.txt

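The "No action id present within the rule" error in the thread comes from ModSecurity requiring an `id` action on every rule. The following is an added example, not part of any post above and not the package's code: a small checker that lists `SecRule`/`SecAction` directives lacking an `id`, so a template or generated `httpd.conf` can be fixed before running `httpd -t`. The sample config and rule ids are constructed, and the function names are hypothetical.

```python
import re
import shlex

# Constructed sample config; rule ids are made up, not taken from the package.
SAMPLE_CONF = r'''
SecRuleEngine On
SecRule REQUEST_HEADERS:Content-Type "text/xml" \
    "phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=XML"
SecRule REQBODY_ERROR "!@eq 0" "id:200001,phase:2,t:none,log,deny,status:400"
SecRule REQUEST_METHOD "@streq POST" "id:200002,phase:2,deny,chain"
    SecRule REQUEST_URI "@beginsWith /admin" "t:none"
# SecAction "phase:1,nolog,pass"
SecAction "phase:1,nolog,pass,initcol:ip=%{REMOTE_ADDR}"
'''

def logical_lines(text):
    """Yield (first_line_no, directive), joining backslash continuations."""
    buf, start = "", 0
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not buf:
            start = no
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        buf += line
        if buf and not buf.startswith("#"):
            yield start, buf
        buf = ""

def rules_missing_id(text):
    """Return [(line_no, directive)] for SecRule/SecAction without an id."""
    missing, in_chain = [], False
    for no, directive in logical_lines(text):
        parts = shlex.split(directive)
        kind = parts[0].lower()
        if kind not in ("secrule", "secaction"):
            continue
        # SecRule VARIABLES OPERATOR [ACTIONS] / SecAction ACTIONS
        idx = 3 if kind == "secrule" else 1
        actions = parts[idx] if len(parts) > idx else ""
        # Split on commas that are outside single-quoted action values.
        items = re.split(r",(?=(?:[^']*'[^']*')*[^']*$)", actions)
        names = [a.strip().split(":", 1)[0].lower() for a in items]
        # Rules inside a chain take their id from the chain starter.
        if not in_chain and "id" not in names:
            missing.append((no, directive))
        in_chain = "chain" in names
    return missing
```

To check a real file, pass its contents, for example `rules_missing_id(open(path).read())`, and give each reported rule an `id` that is unique within the configuration.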