1

I configured mod-security, from https://www.digitalocean.com/community/tutorials/how-to-set-up-mod_security-with-apache-on-debian-ubuntu . After that a restart apache service but i caught error:

The apache2 configtest failed. Output of config test was:
AH00526: Syntax error on line 97 of /usr/share/modsecurity-crs/modsecurity_crs_10_setup.conf:
ModSecurity: Found another rule with the same id
Action 'configtest' failed.
The Apache error log may have more information.

error log: (but I think thats not log from fault of mode-security)

[Sun Jan 11 01:40:20.278652 2015] [mpm_prefork:notice] [pid 5359] AH00169: caught SIGTERM, shutting down

I also use mode-evasive.

Sven
  • 97,248
  • 13
  • 177
  • 225
Jan Richter
  • 21
  • 1
  • 2
  • 1
    What is unclear about the error message? Did you read it and understand it? It shows a clear path to look for an error. – Sven Jan 11 '15 at 01:30
  • SecAction \ "id:'900001', \ phase:1, \ t:none, \ setvar:tx.critical_anomaly_score=5, \ setvar:tx.error_anomaly_score=4, \ setvar:tx.warning_anomaly_score=3, \ setvar:tx.notice_anomaly_score=2, \ nolog, \ pass" This is the rule from line 97, i read it, but i need help to fix it and start apache, do you understand me? – Jan Richter Jan 11 '15 at 18:46
  • Can I change the ID? and what number can I use? I need real solve not only another error ;) – Jan Richter Jan 11 '15 at 18:47
  • After I change ID: 900001 -> 911112, I caught another error on line 128 :D – Jan Richter Jan 11 '15 at 18:52
  • Please use the edit button to add this information to your post (and use the text formatting tools). They are heard to read as comment. – Sven Jan 11 '15 at 19:06

1 Answers1

1

The Error is here: Edit your httpd.conf/apache2.conf

<IfModule security2_module>
Include crs/modsecurity_crs_10_setup.conf
Include crs/activated_rules/*.conf
</IfModule>

Change it to

<IfModule security2_module>
# Include crs/modsecurity_crs_10_setup.conf
Include crs/activated_rules/*.conf
</IfModule>

With booth lines activated, apache includes 2 times the same config and then you get the Error with the same id while restarting.

Bart De Vos
  • 17,761
  • 6
  • 62
  • 81
Boris Trenn
  • 11
  • 1