Modsecurity – OWASP CRS 901001
Ubuntu 18.04
Apache/2.4.29
ModSecurity for Apache/2.9.2 (http://www.modsecurity.org/); OWASP_CRS/3.0.0
modsecurity-crs 3.0.2-1
This is a new server. The following message appears in modsec_audit.log
in every entry:
--c2d2e910-H--
Message: Warning. Operator EQ matched 0 at TX. [file
"/usr/share/modsecurity-crs/rules/REQUEST-901-INITIALIZATION.conf"]
[line "56"] [id "901001"] [msg "ModSecurity Core Rules setup file has
not been detected. Threat detection and blocking may be nonfunctional.
Please ensure to make a copy of the setup template crs-
setup.conf.example, and include your crs-setup.conf file in your
webserver configuration before including the CRS rules."] [severity
"WARNING"]
me@www:~$ apache2ctl -t -D DUMP_MODULES |grep security2_module
security2_module (shared)
As shown above, the module is loaded. My Apache conf has an <IfModule security2_module>
stanza that includes:
IncludeOptional /usr/share/modsecurity-crs/owasp-crs.load
The file owasp-crs.load
has:
Include /etc/modsecurity/crs/crs-setup.conf
IncludeOptional /etc/modsecurity/crs/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf
Include /usr/share/modsecurity-crs/rules/*.conf
IncludeOptional /etc/modsecurity/crs/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf
me@www:~$ ls /etc/modsecurity/crs/crs-setup.conf
/etc/modsecurity/crs/crs-setup.conf
As the warning states, crs-setup.conf
can't be found though the file exists in the specified location. However, the system seems to be working properly. For example, in crs-setup.conf
if I remove all HTTP methods from ID 900200
then I get a HTTP 403 Forbidden which is expected based on how I have the system configured.
Your thoughts and experience are appreciated in helping to resolve this.
Thank you.