I have a Debian server where apache2 is running. I want to use modsecurity
for throttling.
apache2 info
$ apache2ctl -v
Server version: Apache/2.4.29 (Debian)
Server built: 2018-01-14T11:01:58
I installed libapache2-mod-security2
with
sudo apt install libapache2-mod-security2
created the modsecurity conf file with
sudo cp /etc/modsecurity/modsecurity.conf-recommended /etc/modsecurity/modsecurity.conf
changed SecRuleEngine
from DetectionOnly
to On
in /etc/modsecurity/modsecurity.conf
Restarted apache2
service
At this point, ideally, I should see a /var/log/apache2/modsec_audit.log
file, which I dont.
Here is the apache error.log file;
[Thu Sep 15 13:03:13.707900 2022] [:notice] [pid 5215] ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/) configured.
[Thu Sep 15 13:03:13.707908 2022] [:notice] [pid 5215] ModSecurity: APR compiled version="1.5.2"; loaded version="1.6.2"
[Thu Sep 15 13:03:13.707910 2022] [:warn] [pid 5215] ModSecurity: Loaded APR do not match with compiled!
[Thu Sep 15 13:03:13.707912 2022] [:notice] [pid 5215] ModSecurity: PCRE compiled version="8.39 "; loaded version="8.39 2016-06-14"
[Thu Sep 15 13:03:13.707914 2022] [:notice] [pid 5215] ModSecurity: LUA compiled version="Lua 5.1"
[Thu Sep 15 13:03:13.707916 2022] [:notice] [pid 5215] ModSecurity: YAJL compiled version="2.1.0"
[Thu Sep 15 13:03:13.707917 2022] [:notice] [pid 5215] ModSecurity: LIBXML compiled version="2.9.4"
[Thu Sep 15 13:03:13.707919 2022] [:notice] [pid 5215] ModSecurity: Status engine is currently disabled, enable it by set SecStatusEngine to On.
I also tried putting gibrish text in /etc/modsecurity/modsecurity.conf
and apache2 restart still wont fail. Which means that apache is not reading /etc/modsecurity/modsecurity.conf
What am I missing here? How do I debug this?