Mod_Security with CRS

Discussion in 'Security' started by Jasleen, May 30, 2017.

  1. Jasleen

    Jasleen Registered

    Joined:
    May 30, 2017
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Canada
    cPanel Access Level:
    Website Owner
    I am having trouble browsing localhost when I turn the ServerEngineOn in Mod security with CRS. Can anyone help?
     
  2. NixTree

    NixTree Well-Known Member

    Joined:
    Aug 19, 2010
    Messages:
    404
    Likes Received:
    2
    Trophy Points:
    143
    Location:
    Gods Own Country
    cPanel Access Level:
    Root Administrator
    Did you check the Apache error log, and is there any rule causing the blockage? If so, please either remove that rule from Modsec or whitelist the rule server-wide.
     
  3. Jasleen

    Code:
    [Tue May 30 17:01:56.642719 2017] [:error] [pid 17427] [client 127.0.0.1] ModSecurity: Access denied with code 500 (phase 1). Operator EQ matched 0 at TX. [file "/usr/share/modsecurity-crs/activated_rules/REQUEST-901-INITIALIZATION.conf"] [line "61"] [id "901001"] [msg "ModSecurity Core Rule Set is deployed without configuration! Please copy the crs-setup.conf.example template to crs-setup.conf, and include the crs-setup.conf file in your webserver configuration before including the CRS rules. See the INSTALL file in the CRS directory for detailed instructions."] [severity "CRITICAL"] [hostname "127.0.0.1"] [uri "/mutillidae/index.php"] [unique_id "WS355H8AAQEAAEQTtGoAAAAB"]
    This is the error I am getting. What should I do next?
     
    #3 Jasleen, May 30, 2017
    Last edited by a moderator: May 30, 2017
  4. fuzzylogic

    fuzzylogic Active Member

    Joined:
    Nov 8, 2014
    Messages:
    39
    Likes Received:
    13
    Trophy Points:
    8
    cPanel Access Level:
    Root Administrator
    Are you sure you're using cPanel?
    Sounds like you should rename OWASP3/crs-setup.conf.example to crs-setup.conf
    Then restart Apache.
     
  5. NixTree

    Seems the issue is with the configuration. Please check with your server admin about the same and confirm things are set up correctly.
     
  6. Jasleen

    I used SecRuleRemoveById 901001 and it worked... is it correct?
     
  7. fuzzylogic

    If you want the rule-set to be silent about being deployed without a configuration file then it is correct.
    I doubt that is what you want though.
     
  8. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    37,094
    Likes Received:
    1,288
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
  9. Jasleen

    No, I don't want to disable the rule set. I am not using cPanel, only the OWASP CRS. I have already renamed the .example file to a .conf file during installation. I don't know why Mod_security is giving the same error while running mutillidae on localhost, or even when loading a simple HTML page I made in /var/www/html, when I turn the serverengine on.
     
  10. fuzzylogic

    OK. The fact that the ...REQUEST-901-INITIALIZATION.conf"] [line "61"] [id "901001"] [msg "ModSecurity Core Rule Set is...
    error is being generated shows 3 things.
    1. modsecurity.conf is being included into httpd.conf (SecRuleEngine On is being read for 901001 to trigger).
    2. ModSecurity is installed and working (almost).
    3. The rule .conf files linked to in the activated_rules directory are in fact being included into the Apache httpd.conf when it is built.

    The crs-setup.conf file is not being included into the httpd.conf when it is built. (httpd.conf is built each time you restart Apache)
    If you look at your modsecurity.conf file I would expect it to have lines like this...
    Code:
    Include "/usr/share/modsecurity-crs/*.conf"
    Include "/usr/share/modsecurity-crs/activated_rules/*.conf"
    The path may be different in your environment.
    In your installation the first line is not working for some reason.
    The second line is working.

    Look for a typo in the first line.
    Look for a typo in the actual name of crs-setup.conf (you said you edited it during installation)
    If you change anything restart Apache.
    Test.

    I do not recognize the word "serverengine"
    SecRuleEngine On
    seems to make more sense in this context.

    As the original post is off topic for these forums (this is a cPanel forum, not a modsecurity forum) this will be my last contribution to this thread. Good luck with your project. (assignment?)
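
The include-order diagnosis in the post above, as an added check that is not part of the original thread: it lists the files a config pulls in through Include lines, in load order, and verifies that a file setting tx.crs_setup_version is read before REQUEST-901-INITIALIZATION.conf, which is the condition rule 901001 tests. The function names and the sample tree are hypothetical and constructed; it assumes the setup file sets that variable the way the stock CRS 3 crs-setup.conf does.

```shell
#!/bin/sh
# Added example; function names are hypothetical, sample files are constructed.
# Print the files a config pulls in via Include/IncludeOptional, in load
# order. One level deep only; paths containing spaces are not handled.
list_includes() {
    sed -n 's/^[[:space:]]*Include\(Optional\)\{0,1\}[[:space:]]\{1,\}//p' "$1" |
    tr -d '"' |
    while IFS= read -r pattern; do
        for f in $pattern; do          # unquoted: let the shell expand *.conf
            if [ -f "$f" ]; then printf '%s\n' "$f"; fi
        done
    done
}

# Return 0 if some file that sets tx.crs_setup_version (rule 900990 in the
# stock crs-setup.conf) is loaded before REQUEST-901-INITIALIZATION.conf.
check_crs_setup_order() {
    seen_setup=no
    for f in $(list_includes "$1"); do
        case $f in
            */REQUEST-901-INITIALIZATION.conf)
                if [ "$seen_setup" = yes ]; then echo "OK: setup precedes $f"; return 0; fi
                echo "FAIL: $f is loaded with no CRS setup file before it"
                return 1 ;;
        esac
        if grep -q '^[^#]*setvar:tx\.crs_setup_version' "$f"; then seen_setup=yes; fi
    done
    echo "FAIL: REQUEST-901-INITIALIZATION.conf is not included"
    return 1
}

# Build a constructed tree that reproduces the thread's symptom: the setup
# file still has its .example suffix, so the first Include matches nothing.
make_sample_tree() {
    mkdir -p "$1/crs/activated_rules"
    printf 'SecAction "id:900990,phase:1,nolog,pass,setvar:tx.crs_setup_version=300"\n' \
        > "$1/crs/crs-setup.conf.example"
    printf 'SecRule &TX:crs_setup_version "@eq 0" "id:901001,phase:1,deny,status:500"\n' \
        > "$1/crs/activated_rules/REQUEST-901-INITIALIZATION.conf"
    printf 'SecRuleEngine On\nInclude "%s/crs/*.conf"\nInclude "%s/crs/activated_rules/*.conf"\n' \
        "$1" "$1" > "$1/modsecurity.conf"
}

tmp=$(mktemp -d)
make_sample_tree "$tmp"
check_crs_setup_order "$tmp/modsecurity.conf" || true      # misnamed setup file
mv "$tmp/crs/crs-setup.conf.example" "$tmp/crs/crs-setup.conf"
check_crs_setup_order "$tmp/modsecurity.conf"              # after the rename
rm -rf "$tmp"
```

To check a real installation, call check_crs_setup_order with the path to the file that holds the Include lines. Include paths relative to ServerRoot and nested Include directives are not followed.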
     