
I have an Ubuntu 18.04 server, installed Apache 2.4.34, and have compiled ModSecurity 3 with the Apache module.

I can successfully load the module, by adding:

LoadModule security3_module modules/mod_security3.so

to my httpd.conf

and testing with httpd -M shows the module is loading


My config is standard, nothing other than pulling from the v3 rules repo, and moving the config files around to where they should go.

As soon as I attempt to load the config I receive:

AH00526: Syntax error on line 7 of /opt/ModSecurity/modsecurity.conf:
Invalid command 'SecRuleEngine', perhaps misspelled or defined by a module not included in the server configuration

and my config is simply:

<IfModule security3_module>
    IncludeOptional /opt/ModSecurity/modsecurity.conf
</IfModule>

Where /opt/ModSecurity/modsecurity.conf contains the standard stuff from the repo.

What am I doing wrong?

(let me know if you need more info)

Kevin

1 Answer

You have to enable ModSecurity in a context, e.g.:

<VirtualHost *:80>
    ServerName foobar.com
    ...
    <Directory /path/to/docroot>
        ...
        modsecurity on
        modsecurity_rules_file /path/to/modsecurity.conf
        # optional:
        modsecurity_rules_file /path/to/crs-rules.load
    </Directory>
    ....
</VirtualHost>

But if you will accept some good advice from me, don't use the ModSecurity3 Apache module - it's not production ready yet.

airween
  • Please explain your suggestion? I've used it for nginx since it hit stable and have had no issues with it. Also, your suggestions above do seem to work; however, nothing is happening, I am still able to attack my sites – Kevin Jan 14 '19 at 20:29
  • "I am still able to attack my sites" - that's what I talked about, when I wrote, you don't want to use ModSecurity3 with Apache. – airween Jan 15 '19 at 11:45
  • You are NOT explaining yourself. Until you do and explain your statement there is no way anyone in their right frame of mind will do what you suggest. – Kevin Jan 17 '19 at 20:20
  • Do you mean that modsecurity 3 doesn't work at all? I don't understand what you're trying to say either. – Michael Hampton Jan 17 '19 at 20:24
  • @Kevin, the Modsecurity_Apache connector is not production ready. There are a few parts missing from the code. – airween Oct 28 '20 at 20:33
  • @MichaelHampton, no, modsecurity3 works - with Nginx. If you want to use Apache, the preferred version is modsecurity2. – airween Oct 28 '20 at 20:34
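
An added example (not part of the original posts or of the ModSecurity project's code): a small Python lint for the mistake in this thread. It flags `Sec*` directives that Apache reaches through `Include`/`IncludeOptional` and checks for the `modsecurity on` and `modsecurity_rules_file` lines shown in the answer. The sample configs are constructed, and treating every `Sec*` directive like `SecRuleEngine` is an assumption.

```python
import re

INCLUDE = re.compile(r"^\s*Include(?:Optional)?\s+(\S+)", re.I | re.M)
RULES_FILE = re.compile(r"^\s*modsecurity_rules_file\s+(\S+)", re.I | re.M)
ENABLED = re.compile(r"^\s*modsecurity\s+on\s*$", re.I | re.M)
SEC_LINE = re.compile(r"^\s*(Sec[A-Za-z]+)\b", re.M)

def lint(files, root="httpd.conf"):
    """files maps path -> text. Returns a list of finding strings."""
    findings, seen, queue, apache_text = [], set(), [root], ""
    while queue:  # walk what Apache itself parses (literal paths only, no globs)
        path = queue.pop()
        if path in seen or path not in files:
            continue
        seen.add(path)
        apache_text += files[path] + "\n"
        for name in SEC_LINE.findall(files[path]):
            findings.append(f"{path}: {name} is parsed by Apache (expect AH00526)")
        queue.extend(INCLUDE.findall(files[path]))
    if not ENABLED.search(apache_text):
        findings.append("no 'modsecurity on' in any Apache-parsed file")
    rules = RULES_FILE.findall(apache_text)
    if not rules:
        findings.append("no 'modsecurity_rules_file' directive: no rules loaded")
    findings += [f"rules file {p} not found" for p in rules if p not in files]
    return findings

# Constructed samples mirroring the question (BROKEN) and the answer (FIXED).
RULES = "/opt/ModSecurity/modsecurity.conf"
BROKEN = {
    "httpd.conf": """LoadModule security3_module modules/mod_security3.so
<IfModule security3_module>
    IncludeOptional /opt/ModSecurity/modsecurity.conf
</IfModule>
""",
    RULES: "SecRuleEngine On\nSecRequestBodyAccess On\n",
}
FIXED = dict(BROKEN)
FIXED["httpd.conf"] = """LoadModule security3_module modules/mod_security3.so
<VirtualHost *:80>
    <Directory /path/to/docroot>
        modsecurity on
        modsecurity_rules_file /opt/ModSecurity/modsecurity.conf
    </Directory>
</VirtualHost>
"""

if __name__ == "__main__":
    for label, cfg in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, lint(cfg) or "ok")
```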