modsecurity nginx_apache wont start

kevinjansen

Verified User
Joined
Sep 9, 2006
Messages
8
Dear,

I am trying to install modsecurity since we are having issues with try's for sql injections lately, and i found out that modsecurity is the tool to prevent this.
But after the installation nginx wont start:

nginx: [emerg] "modsecurity_rules_file" directive Rules error. File: /usr/local/cwaf/rules/02_Global_Generic.conf. Line: 83. Column: 98. Expecting an action, got: ctl:responseBodyAccess=On,rev:1,severity:2,tag:'CWAF',tag:'Generic'" in /etc/nginx/nginx-modsecurity-enable.conf:2

I have also tried with only apache with no succes either (dont have the error for that one, since i prefer nginx_apache)

What i have done:
options.conf
modsecurity=3.0 (also tried with "yes")
modsecurity_ruleset=comodo

./build update
./build modsecurity
./build modsecurity_ruleset

After getting errors i also tried:

./build rewrite_confs

But still no success. Then i tried on our test server a full rebuild
./build all d

Same error.

Some details:
./build version
2.0.0 (rev: 1972)

Debian Stretch 9 - Debian 4.9.130-2
With owasp as ruleset its working, but i heard that comodo is better?


Is comodo ruleset currently broken for Debian 9 with nginx_apache?

Thanks in advance,

Kevin
 

smtalk

Administrator
Staff member
Joined
Aug 22, 2006
Messages
8,339
Location
LT, EU
We use comodo ruleset as-is, without any modifications. I contacted them on this case, and they've told me that they're planning to release a fix next week, however, it's all up to them. I'd suggest using OWASP until they release a bugfix. Thank you!
 

orkinoks

Verified User
Joined
Dec 24, 2010
Messages
62
Just a FYI: they announced it should work now :)
I guess it doesnt.
Without knowing this issue, I tried a fresh install with
webserver=nginx_apache and comodo as modsecurity, however ngnix fails to start with a similar error after install.
I am trying to switch to owasp as of now. Is it possible that you need to update anything in custombuild packs?
Regards.
PS: I did an automated install of directadmin, I may have skipped any warning if exists in standard directadmin install.
Another PS: I use centos 7, not debian like kevinjasen.
 
Last edited:

Scott DeLeury

Verified User
Joined
Mar 25, 2005
Messages
80
I had a similar issue on update:

Jan 29 11:30:10 nginx: [emerg] "modsecurity_rules_file" directive Rules error. File: /etc/cwaf/cwaf.conf. Line: 2. Column: 57. Invalid input: IncludeOptional /usr/local/cwaf/etc/httpd/domains/*.conf in /etc/nginx/nginx-modsecurity-enable.conf:2

I removed the contents of /usr/local/cwaf/etc/httpd/domains/, recreated by hand (as reinstall didn't fix/recrate the contents), and then reinstalled modsecurity/cwaf and restarted nginx_apache again to get it all working. There wasn't anything out of the ordinary in there aside from a .conf-bak file, but even with that removed it still gave me the same error.
 
Top