mod_security: another rule with same ID

10,048

Solution 1

I ran into a similar problem while following a tutorial - http://www.tecmint.com/protect-apache-using-mod_security-and-mod_evasive-on-rhel-centos-fedora/

My httpd.conf file already had an include for *.conf and the tutorial had me explicitly include the modsecurity.conf file. As a result, all my rules were duplicates because the conf file was included twice.

Solution 2

It's hard to say exactly where the duplication is occurring based on the information you've provided. Essentially, a rule is being included twice which is usually defined within the modsecurity.conf file. You may be including this file twice, or you have copied its content into another apache conf file. To find the problem, you'll need to search for the duplicate rule. Here's a command that'll do that:

find /etc/httpd -name '*.conf' -exec grep -H "'200000'" {} \;

Once you discover which other file contains the rule (or perhaps it's inside modsecurity.conf twice), you'll need to think of a way to organize your rules so that they are not included twice. These instructions provide a good basis for using the OWASP ModSecurity Core Rule Set.
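The two answers above point at the same root cause from different angles: a rule id declared in more than one place (Solution 2's grep) or one conf file pulled in twice through overlapping Include directives (Solution 1). The script below is an added example, not code from either answer or from the ModSecurity project; it generalises the single-id grep into a scan that lists every rule id under a config tree, reports the ids that occur more than once with their file and line, and lists the Include directives so overlaps like `Include conf.d/*.conf` plus an explicit `Include conf.d/modsecurity.conf` are easy to spot. The config tree it builds under mktemp is constructed sample data; the function names are mine, and it assumes one `id:` per line and no colons in file paths.

```shell
#!/bin/sh
# Added example: find ModSecurity rule ids declared more than once under an
# Apache config directory (e.g. /etc/httpd), and list Include directives so
# a conf file that is pulled in twice can be spotted. POSIX sh + grep/awk/sort.

# Print "id<TAB>file:line" for every non-comment line that carries id:NNN,
# id:'NNN' or id:"NNN" in any *.conf file below $1.
list_rule_ids() {
    find "$1" -name '*.conf' -exec grep -Hn 'id:' {} \; \
    | awk -v q="'" '
        BEGIN { pat = "id:[" q "\"]?[0-9]+" }       # id:, optional quote, digits
        {
            split($0, p, ":")                         # p[1]=file, p[2]=line number
            content = substr($0, length(p[1]) + length(p[2]) + 3)
            if (content ~ /^[[:space:]]*#/) next      # skip commented-out rules
            if (!match($0, pat)) next
            id = substr($0, RSTART + 3, RLENGTH - 3)  # drop the leading "id:"
            gsub("[" q "\"]", "", id)                 # strip surrounding quotes
            print id "\t" p[1] ":" p[2]
        }'
}

# Print only the ids that occur more than once, one per line.
duplicate_rule_ids() {
    list_rule_ids "$1" | cut -f1 | sort | uniq -d
}

# Print every Include/IncludeOptional directive with file and line, so that a
# glob include and an explicit include of the same file show up side by side.
list_include_directives() {
    find "$1" -name '*.conf' -exec grep -Hn -i -E '^[[:space:]]*Include(Optional)?[[:space:]]' {} \;
}

# Human-readable report. Exit status 1 when duplicates exist, 0 otherwise,
# so it can gate a config deploy the same way "httpd -t" would.
report_duplicates() {
    dir="$1"
    dups=$(duplicate_rule_ids "$dir")
    [ -z "$dups" ] && { echo "no duplicate rule ids under $dir"; return 0; }
    for id in $dups; do
        echo "rule id $id declared more than once:"
        list_rule_ids "$dir" | awk -F'\t' -v id="$id" '$1 == id { print "  " $2 }'
    done
    return 1
}

# Constructed sample tree reproducing the situation in the question: the stock
# XML-body rule (id 200000) copied into a second conf file, plus an httpd.conf
# that includes conf.d/*.conf and modsecurity.conf explicitly. Prints its path.
make_sample_tree() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/conf.d"
    cat > "$tmp/httpd.conf" <<'EOF'
Include conf.d/*.conf
Include conf.d/modsecurity.conf
EOF
    cat > "$tmp/conf.d/modsecurity.conf" <<'EOF'
SecRule REQUEST_HEADERS:Content-Type "text/xml" \
     "id:'200000',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=XML"
SecRule REQUEST_HEADERS:Content-Type "application/json" \
     "id:'200001',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=JSON"
EOF
    cat > "$tmp/conf.d/local-rules.conf" <<'EOF'
# id:'200000' in a comment is ignored by the scan
SecRule REQUEST_HEADERS:Content-Type "text/xml" \
     "id:'200000',phase:1,t:none,pass,nolog,ctl:requestBodyProcessor=XML"
SecRule ARGS "@rx select.+from" "id:900100,phase:2,deny,log"
EOF
    echo "$tmp"
}

# Stand-alone run against the sample tree (replace with /etc/httpd in practice).
if [ "${1:-}" = "--demo" ]; then
    sample=$(make_sample_tree)
    echo "Include directives:"; list_include_directives "$sample"
    report_duplicates "$sample"
    rm -rf "$sample"
fi
```

Run `sh scan.sh --demo` to see the constructed case, or source the file and call `report_duplicates /etc/httpd` on a real tree; the Include listing is what reveals Solution 1's double include, and the duplicate report is Solution 2's grep generalised to every id at once.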


Author: Ashish

Updated on September 18, 2022

Comments

  • Ashish
    Ashish almost 2 years

    I have installed httpd 2.2.15 on CentOS 6.5 (minimal installation with no cPanel) with modsecurity 2.8. When I am starting httpd I am getting this error:

    Starting httpd: Syntax error on line 23  of /etc/httpd/conf.d/modsecurity.conf:  ModSecurity: Found another rule with the same id
    

    The line 23 is:

    "id:'200000',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=XML"
    
    • Panther
      Panther about 10 years
      File a bug report against mod-security in CentOS and you can try editing that line and give the rule a unique number. You can probably continue to use mod-security without giving the rule a unique name; it may make reading the logs a bit more difficult as any violation of 200000 may not have the correct information.
    • Ashish
      Ashish about 10 years
      I tried changing the rule number and still got that error.
    • Panther
      Panther about 10 years
      You have to use a unique number, try another one. Alternately download a new rule set from mod security or comment out the rule in question.