1

I have mod security2 in ubuntu 14.04 LTS server. I saw the below tutorial: http://blog.cherouvim.com/simple-dos-protection-with-mod_security/

The above sadly do not work on me apache error : 

 * Restarting web server apache2                                                                                                                                            [fail] 
 * The apache2 configtest failed.
Output of config test was:
AH00526: Syntax error on line 226 of /etc/modsecurity/modsecurity.conf:
ModSecurity: No action id present within the rule
Action 'configtest' failed.

The Apache error log may have more information.

Can you recommend something similar?

masegaloeh
  • 17,978
  • 9
  • 56
  • 104
Shake-the-World
  • 11
  • 5

1 Answers1

3

https://launchpad.net/ubuntu/trusty/+source/modsecurity-apache

Ubuntu has ModSecurity 2.7+ which requires [1]

  • Added Rules must have ID action and must be numeric.

So best would be to add ID's to those rules and that will do the trick. For instance rule

SecRule ip:block "@eq 1" "phase:1,deny,log,logdata:'req/sec: %{ip.requests}, blocks: %{ip.blocks}',status:403"

should be 

SecRule ip:block "@eq 1" "id:12345,phase:1,deny,log,logdata:'req/sec: %{ip.requests}, blocks: %{ip.blocks}',status:403"

Or some other ID which is not already used by some other rule.

[1] https://github.com/SpiderLabs/ModSecurity/blob/master/CHANGES

Hrvoje Špoljar
  • 5,162
  • 25
  • 42