
I recently installed mod_security on Apache 2.4.6 using the OWASP rule set, but there are some problems with Google reCAPTCHA and non-English UTF-8 characters. I googled, and for reCAPTCHA I should add the following custom rule to mod_security:

SecRuleUpdateTargetById 981319 !ARGS:'g-recaptcha-response'

But when I add it to the mod_security main configuration file, httpd won't restart. I tried searching, but I can't seem to find a way to add a custom rule set file for mod_security. The Apache log for banning reCAPTCHA is:

[Thu Sep 08 07:04:18.084361 2016] [:error] [pid 14084] [client 5.232.165.32] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\~\\!\\@\\#\\$\\%\\^\\&\\*\\(\\)\\-\\+\\=\\{\\}\\[\\]\\|\\:\\;\"\\'\\\xc2\xb4\\\xe2\x80\x99\\\xe2\x80\x98\\`\\<\\>].*?){5,}" at ARGS:g-recaptcha-response. [file "/etc/httpd/crs-tecmint/owasp-modsecurity-crs/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: - found within ARGS:g-recaptcha-response: 03AHJ_VuuPCp_JmWQJpW2-kP9sujeJEyunQ12UKtw5EHTJ0yDo9AY8SUvOkQ4l9gRPee1gkbtYzFIe-5NoWyWsM1N7Yo3i7nqqEg0c7PW2AyCshxZC-hnqmlOY0qUPIHcf9rHIzYPjHfppCEoNTtkw6PSkvHlLKwqulFwSDATG_2l8_C3lnF1fTtkgKgtMk2nrfYzNItUkIa6MzgTC3yj9qK1oq4kqMKff1RrQLLvVYk-XnJTItGfoRdatb5z-uwr6my4H28N9WwxFhARrTCLQ9Blhm5JwPA5xVLOQsPyJmtCVNYlAAdTZQQVshLBdPypPaLEvEPjCjxaEteCt-nelbrIsqdGT6fkgUR5uomlhJjMuyEbmTbGssPYjtzoWu-GcX4vNezPJiAJ1j-MRkkpmZo-T33s7QDnL9yJzBO_kgRNe_FQZbtUlnZuWLFghAfnF13Q..."] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [acc [hostname "domain.com"] [uri "/login.php"] [unique_id "V9DOKgRETzQ748oMLD4k9AAAAAg"]

What should I do?

Ehphan
  • I've added that rule (in a user config file that contains rules, included in the main config file, but tested in both just in case) and httpd restarted fine. What error do you get when httpd restarts? – RonanW. Sep 08 '16 at 15:10
  • Updating target by ID with no ruleset in this context – Ehphan Sep 09 '16 at 07:47
  • "AH00526: Syntax error on line 7 of /etc/httpd/modsecurity.d/tecmint.conf" "Updating target by ID with no ruleset in this context", where line 7 is "SecRuleUpdateTargetById 981319 !ARGS:'g-recaptcha-response'" – Ehphan Sep 09 '16 at 07:55
  • Can you add the modsec or Apache log with the entries from when modsec blocked Google reCAPTCHA? – RonanW. Sep 09 '16 at 08:55

0 Answers