0

I have not been doing anything with my site for a while and recently upgraded Ubuntu from 12.04 to 14.04 LTS, but now I am getting errors like:

Modsecurity: no action id present

I looked around online and most answers tell you to add id=1234 or such to the rules, but no explanation to why or what id does. Could anyone shed some light of this?

Stochastic13
  • 121
  • 4
  • You should write up your re-install note, more completely, as an answer to your own question, wait a bit for commentary on it, and then consider closing the question with your answer as the correct way to solve the real problem. It sounds like the right answer and will help future visitors. – Mark Jun 12 '15 at 18:06
  • @Mark thaks, done. – Stochastic13 Jun 12 '15 at 19:00

2 Answers2

1

I solved this issue by reinstalling Modsecurity, then the problem with duplicate ids came up that I solved by making sure that Modsecurity is included only once in my configurations files.

Stochastic13
  • 121
  • 4
1

Ids became mandatory in ModSecurity 2.7. Guessing you moved from a version before this with your recent upgrade of your OS. And sounds like you've gone back to old version when you manually reinstalled ModSecurity.

An id is useful so you uniquely identify a rule for the following reasons amongst others:

  • Uniquely identify a rule in log files when it fires.
  • Turn a rule off using SecRuleRemoveById
  • Skip partial processing of a rule using SecRuleUpdateTargetById (e.g. to ignore one parameter from being processed in a rule).

An id must be unique. Not really an identifier if its not ;-)

https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#id

Barry Pollard
  • 4,461
  • 14
  • 26