Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

What does "ModSecurity-apache is unstable" mean, exactly? #77

Open
ghost opened this issue Oct 21, 2020 · 2 comments
Open

What does "ModSecurity-apache is unstable" mean, exactly? #77

ghost opened this issue Oct 21, 2020 · 2 comments

Comments

@ghost
Copy link

ghost commented Oct 21, 2020

I have written a guide on how to install ModSecurity-apache from source for Ubuntu 20.04 here.

When attempting to Include crs-setup.conf and the coreruleset/rules directory I receive a startup error in regards to SecDefaultAction.

AH00526: Syntax error on line 106 of /etc/apache2/conf-available/crs-setup.conf:
Invalid command 'SecDefaultAction', perhaps misspelled or defined by a module not included in the server configuration

I am sure this is a matter of figuring out how to include these files in ModSecurity v3.0.4.

I suppose this is a multi-issue.

Please understand I am not a programmer by any means; I am learning.

The reason I made this issue is because I am curious of this:
What does "ModSecurity-apache is unstable" mean, exactly?

@zimmerle
Copy link
Contributor

Hi @DrewPlots,

Thank you for aggregate that installation information.

The include manner was changed, now the user can include files using what is described here -
https://github.com/SpiderLabs/ModSecurity-apache#usage

The reason why this project was not yet released is because it is still missing code. It does not work as expected, yet.

I think there is an issue within the link that you have provided for the wiki document.

@ghost
Copy link
Author

ghost commented Oct 22, 2020

Thank you for the response.

You are welcome. I was happy to write it up; it's the least I could do, really.

Because the apache connector is missing code means either I must wait for the project to gain traction, learn to program, or utilize the ongoing development by using an nginx connector.

All the modsecurity-related include declarations work for modsecurity. However, none of the modsecurity or the coreruleset (the <IfModule security(3)_module>)installation directions are functional for importing the crs-setup.conf and rules files.

Now, I do not know which part of what files are missing code, but perhaps this is the start of the instability.

Thank you for your time, @zimmerle.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant