Article:		Introducing mod_security
Subject:		mod_security2 and SecRule
Date:		2006-10-31 08:45:33
From:		monicat
Any body know how to get SecRule to work with mod_security2.c ? I kept on getting this error message when I start my apache-2.2.3 server: ... [truong@gendev-lnx 2.2.3]$ ./restart Syntax error on line 41 of /home/truong/apache/2.2.3/conf/hole/mod_security2.conf: Internal Error: Failed to add rule to the ruleset. httpd not running, trying to start ... And here is line 41 of my mod_security.conf file: ... 39 # Turn on Rule Engine 40 SecRuleEngine On 41 SecRule REQUEST_URI dirty ... Is there something I have to turn on (e.g SecFilterEngine On) ? Thanks for your help.

Showing messages 1 through 2 of 2.

• mod_security2 and SecRule
  2006-10-31 08:55:03  Ivan Ristic [Reply | View]
  
  
  Hmm, your configuration works for me here. Can I suggest you try two things? First upgrade to 2.0.4-dev1 and try again. If that does not work please join us on the mod-security-users mailing list (see here https://lists.sourceforge.net/lists/listinfo/mod-security-users).
• Re: My SecRule does not work on mod_security2.c
  2006-11-02 07:31:07  monicat [Reply | View]
  
  
  Ivan, I search at the site you suggested but did not find any solution to my problem.I'm not sure if it help if I include the entire configuration file. Please see below:
  
  <IfModule mod_security2.c>
  #
  # Basic configuration options
  #
  # Server masking is optional
  SecServerSignature "Microsoft-IIS/5.0"
  
  # Maximum request body size we will
  # accept for buffering
  SecRequestBodyAccess On
  SecRequestBodyLimit 131072
  # Store up to 128 KB in memory
  SecRequestBodyInMemoryLimit 131072
  
  # Buffer response bodies of up to
  # 512 KB in length
  SecResponseBodyAccess Off
  SecResponseBodyLimit 524288
  
  # Debug log
  SecDebugLog logs/modsec_debug.log
  SecDebugLogLevel 9
  
  # The audit engine works independently and
  # can be turned On of Off on the per-server or
  # on the per-directory basis
  SecAuditEngine RelevantOnly
  SecAuditLogRelevantStatus ^5
  SecAuditLogParts ABIFHZ
  SecAuditLogType Serial
  
  # The name of the audit log file
  SecAuditLog logs/modsec_audit.log
  
  # Default action set
  SecDefaultAction "deny,log,auditlog,status:403"
  
  # Turn on Rule Engine
  SecRuleEngine On
  SecRule REQUEST_URI dirty
  
  # Refuse to accept POST requests that do
  # not specify request body length
  # SecRule REQUEST_METHOD ^POST$ chain
  # SecRule REQUEST_HEADER:Content-Length ^$
  </IfModule>
  
  Any help is appreciated.
  - Monicat