Women in Technology

Hear us Roar

  Introducing mod_security
Subject:   mod_security2 and SecRule
Date:   2006-10-31 08:45:33
From:   monicat
Any body know how to get SecRule to work with mod_security2.c ? I kept on getting this error message when I start my apache-2.2.3 server:
[truong@gendev-lnx 2.2.3]$ ./restart
Syntax error on line 41 of /home/truong/apache/2.2.3/conf/hole/mod_security2.conf:
Internal Error: Failed to add rule to the ruleset.
httpd not running, trying to start

And here is line 41 of my mod_security.conf file:
39 # Turn on Rule Engine
40 SecRuleEngine On
41 SecRule REQUEST_URI dirty

Is there something I have to turn on (e.g SecFilterEngine On) ?

Thanks for your help.

Full Threads Oldest First

Showing messages 1 through 2 of 2.

  • mod_security2 and SecRule
    2006-10-31 08:55:03  Ivan Ristic | O'Reilly Author [View]

    Hmm, your configuration works for me here. Can I suggest you try two things? First upgrade to 2.0.4-dev1 and try again. If that does not work please join us on the mod-security-users mailing list (see here https://lists.sourceforge.net/lists/listinfo/mod-security-users).
    • Re: My SecRule does not work on mod_security2.c
      2006-11-02 07:31:07  monicat [View]

      Ivan, I search at the site you suggested but did not find any solution to my problem.I'm not sure if it help if I include the entire configuration file. Please see below:

      <IfModule mod_security2.c>
      # Basic configuration options
      # Server masking is optional
      SecServerSignature "Microsoft-IIS/5.0"

      # Maximum request body size we will
      # accept for buffering
      SecRequestBodyAccess On
      SecRequestBodyLimit 131072
      # Store up to 128 KB in memory
      SecRequestBodyInMemoryLimit 131072

      # Buffer response bodies of up to
      # 512 KB in length
      SecResponseBodyAccess Off
      SecResponseBodyLimit 524288

      # Debug log
      SecDebugLog logs/modsec_debug.log
      SecDebugLogLevel 9

      # The audit engine works independently and
      # can be turned On of Off on the per-server or
      # on the per-directory basis
      SecAuditEngine RelevantOnly
      SecAuditLogRelevantStatus ^5
      SecAuditLogParts ABIFHZ
      SecAuditLogType Serial

      # The name of the audit log file
      SecAuditLog logs/modsec_audit.log

      # Default action set
      SecDefaultAction "deny,log,auditlog,status:403"

      # Turn on Rule Engine
      SecRuleEngine On
      SecRule REQUEST_URI dirty

      # Refuse to accept POST requests that do
      # not specify request body length
      # SecRule REQUEST_METHOD ^POST$ chain
      # SecRule REQUEST_HEADER:Content-Length ^$

      Any help is appreciated.
      - Monicat