I have made i ModSecurity rule for apache to protect wordpress, but it have some error, so please suggest me some modification to work it fine.
# This has to be global, cannot exist within a directory or location clause . . .
SecAction "id:7157150,phase:1,nolog,pass,initcol:ip=%{REMOTE_ADDR},initcol:user=%{REMOTE_ADDR}"
<Location /wp-login.php>
# Setup brute force detection.
# React if block flag has been set.
SecRule user:bf_block "@gt 0" "id:7157151,deny,status:401,log,msg:'ip address blocked for 5 minutes, more than 15 login attempts in 3 minutes.'"
# Setup Tracking. On a successful login, a 302 redirect is performed, a 200 indicates login failed.
SecRule RESPONSE_STATUS "^302" "id:7157152,phase:5,t:none,nolog,pass,setvar:ip.bf_counter=0"
SecRule RESPONSE_STATUS "^200" "id:7157153,phase:5,chain,t:none,nolog,pass,setvar:ip.bf_counter=+1,deprecatevar:ip.bf_counter=1/180"
SecRule ip:bf_counter "@gt 15" "id:7157154,t:none,setvar:user.bf_block=1,expirevar:user.bf_block=300,setvar:ip.bf_counter=0"
</location>
Currently its show these error
The system could not validate the new Apache configuration because httpd exited with a nonzero value. Apache produced the following error:
AH00526: Syntax error on line 12 of /usr/local/apache/conf/modsec_vendor_configs/mynew/rs_wordpress.conf:
ModSecurity: Metadata actions (id, rev, msg, tag, severity, ver, accuracy, maturity, logdata) can only be specified by chain starter rules.
If you don't know answer than please don't mark as duplicate or down vote.
