Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Mod_Security with CRS

Discussion in 'Security' started by Jasleen, May 30, 2017.

Tags:
  1. Jasleen

    Jasleen Registered

    Joined:
    May 30, 2017
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Canada
    cPanel Access Level:
    Website Owner
    I am having trouble in browsing localhost when I turn the ServerEngineOn in Mod secuirty with CRS. Can anyone help?
     
  2. NixTree

    NixTree Well-Known Member

    Joined:
    Aug 19, 2010
    Messages:
    407
    Likes Received:
    3
    Trophy Points:
    143
    Location:
    Gods Own Country
    cPanel Access Level:
    Root Administrator
    Twitter:
    Did you checked the Apache error log and Is there any Rule causing the blockage ? If so Please either remove that rule from Modsec or whitelist the rule server wide
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. Jasleen

    Jasleen Registered

    Joined:
    May 30, 2017
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Canada
    cPanel Access Level:
    Website Owner
    Code:
    [Tue May 30 17:01:56.642719 2017] [:error] [pid 17427] [client 127.0.0.1] ModSecurity: Access denied with code 500 (phase 1). Operator EQ matched 0 at TX. [file "/usr/share/modsecurity-crs/activated_rules/REQUEST-901-INITIALIZATION.conf"] [line "61"] [id "901001"] [msg "ModSecurity Core Rule Set is deployed without configuration! Please copy the crs-setup.conf.example template to crs-setup.conf, and include the crs-setup.conf file in your webserver configuration before including the CRS rules. See the INSTALL file in the CRS directory for detailed instructions."] [severity "CRITICAL"] [hostname "127.0.0.1"] [uri "/mutillidae/index.php"] [unique_id "WS355H8AAQEAAEQTtGoAAAAB"]
    This is the error, I am getting. What next should I do?
     
    #3 Jasleen, May 30, 2017
    Last edited by a moderator: May 30, 2017
  4. fuzzylogic

    fuzzylogic Well-Known Member

    Joined:
    Nov 8, 2014
    Messages:
    93
    Likes Received:
    51
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    Are you sure you're using cPanel?
    Sounds like you should rename OWASP3/crs-setup.conf.example to crs-setup.conf
    Then restart apache.
     
  5. NixTree

    NixTree Well-Known Member

    Joined:
    Aug 19, 2010
    Messages:
    407
    Likes Received:
    3
    Trophy Points:
    143
    Location:
    Gods Own Country
    cPanel Access Level:
    Root Administrator
    Twitter:
    Seems issue is with configuration . Please check with your server admin about the same and confirm things are setup correctly
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  6. Jasleen

    Jasleen Registered

    Joined:
    May 30, 2017
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Canada
    cPanel Access Level:
    Website Owner
    I used SecRuleRemoveById 901001 and it worked...is it correct ?
     
  7. fuzzylogic

    fuzzylogic Well-Known Member

    Joined:
    Nov 8, 2014
    Messages:
    93
    Likes Received:
    51
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    If you want the rule-set to be silent about being deployed without a configuration file then it is correct.
    I doubt that is what you want though.
     
  8. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    44,803
    Likes Received:
    1,898
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  9. Jasleen

    Jasleen Registered

    Joined:
    May 30, 2017
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Canada
    cPanel Access Level:
    Website Owner
    No, I don't want to disable the rule set. I am not using cpanel but the OWASP CRS only. I have already renamed the .example file into .conf file while installation, I don't why know Mod_security is giving the same error while running mutillidae in localhost or even loading a simple html page, I made in /var/www/html, when I turn the serverengine on.
     
  10. fuzzylogic

    fuzzylogic Well-Known Member

    Joined:
    Nov 8, 2014
    Messages:
    93
    Likes Received:
    51
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    OK. The fact that the ...REQUEST-901-INITIALIZATION.conf"] [line "61"] [id "901001"] [msg "ModSecurity Core Rule Set is...
    error is being generated shows 3 things.
    1 modsecurity.conf is being included into httpd.conf (SecRuleEngine On is being read for 901001 to trigger)
    2 Modsecurity is installed and working (almost)
    3 The rule .conf files linked to in the activated_rules directory are in fact being included into the Apache httpd.conf when it is built.

    The crs-setup.conf file is not being included into the httpd.conf when it is built. (httpd.conf is built each time you restart Apache)
    If you look at your modsecurity.conf file I would expect it to have lines like this...
    Code:
    Include "/usr/share/modsecurity-crs/*.conf"
    Include "/usr/share/modsecurity-crs/activated_rules/*.conf"
    The path may be different in your environment.
    In your installation the first line is not working for some reason.
    The second line is working.

    Look for a typo in the first line.
    Look for a typo in the actual name of crs-setup.conf (you said you edited it during installation)
    If you change anything restart Apache.
    Test.

    I do not recognize the word "serverengine"
    SecRuleEngine On
    seems to make more sense in this context.

    As the original post is off topic for these forums (this is a cPanel forum, not a modsecurity forum) this will be my last contribution to this thread. Good luck with your project. (assignment?)
     
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice