downloaded v3.2.0
https://coreruleset.org/installation/ following instructions located in file INSTALL
But apache cannot start and returns this error –
AH00526: Syntax error on line 800 of /etc/apache2/crs/crs-setup.conf:
яну 19 01:36:09 VMhomeServer apachectl[20761]: ModSecurity: Found another rule with the same id
this is my apache2.conf file for security2
LoadModule unique_id_module modules/mod_unique_id.so
LoadModule security2_module modules/mod_security2.so
<IfModule security2_module>
Include /etc/apache2/crs/crs-setup.conf
Include /etc/apache2/crs/rules/*.conf
</IfModule>
According to this issue https://github.com/SpiderLabs/ModSecurity/issues/1227
I "solved" commenting this:
Include /etc/httpd/modsecurity-crs/base_rules/modsecurity_crs_21_protocol_anomalies.conf
But since I'm using a newer version, there is no such rule; the rules are all different now, so I cannot figure out what is going on for the life of me.
I have modsecurity-crs/bionic,bionic,now 3.0.2-1 all [installed] as required by the installation guide
Any help would be appreciated. I found nothing about such an issue on this version on the internet so far.
Best Answer
Could you check to make sure that you are including the modsecurity.conf file with a line like:
Include "/etc/apache2/modsecurity.d/modsecurity.conf"
before you include the crs-setup.conf. Are you using the Ubuntu repo version of modsecurity or did you pull that from the git repo as well as the rules? The Ubuntu repo version will put the config in /etc/modsecurity/modsecurity.conf
I don't know where you have put that file but your conf file could look like this. Note: if using the git repo version of modsecurity you might need to load some additional libraries. That doesn't really address your question though but you do need that file.
Apache is failing to start because there are two rules with the same id number. ModSecurity will not allow that. You just need to find the duplicate rule number and change it. As per modsecurity standards, you are not supposed to modify any of the existing conf files in the /rules directory. You can, and should, modify the modsecurity.conf and crs-setup.conf files. You have a duplicate rule id number on line 800 of /etc/apache2/crs/crs-setup.conf
Keep in mind that the line numbers might not match up perfectly. I think that those get counted as one line when lines are escaped with the \. In the default crs-setup.conf.example all the rules are commented out except the last one that lists the version of rules you are running. Check your crs-setup.conf file and see what you have uncommented. If you find some rule id numbers that might be suspicious then you can check through all your rules for a duplicate with something like this (changing the rule number you are looking for of course):
If you just want to find all the rule id numbers in the files then this might help:
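An added example, not the commands from the original answer: a POSIX shell script that lists every uncommented rule id under the given paths and reports each id defined more than once, with the file and physical line of every definition. The function names are this example's own, and the sample files that `demo` builds (including the rule ids in them) are constructed.

```shell
#!/bin/sh
# Added example: report ModSecurity rule ids that are defined more than once.
# Usage: sh dup_ids.sh PATH...   (no arguments runs the constructed demo)
# Print "ID<TAB>FILE:LINE" for every uncommented id:NNN action under PATH...
list_rule_ids() {
    for p in "$@"; do
        if [ -d "$p" ]; then find "$p" -type f -name '*.conf'; else printf '%s\n' "$p"; fi
    done | while IFS= read -r f; do
        awk -v file="$f" -v q="'" '
            BEGIN { re = "(^|[\", \t])id:" q "?[0-9]+" }  # id:900990, optionally quoted
            /^[ \t]*#/ { next }                           # commented-out rule lines
            {
                line = $0
                while (match(line, re)) {
                    id = substr(line, RSTART, RLENGTH)
                    gsub(/[^0-9]/, "", id)
                    # FNR is the physical line, so it stays exact even where
                    # a backslash-continued rule is counted as a single line
                    printf "%s\t%s:%d\n", id, file, FNR
                    line = substr(line, RSTART + RLENGTH)
                }
            }' "$f"
    done
}

# Print each id that occurs more than once, followed by all its locations.
find_duplicate_ids() {
    list_rule_ids "$@" | sort -n | awk -F'\t' '
        $1 == prev { if (!shown) { print "duplicate id " prev; print "  " first; shown = 1 }
                     print "  " $2; next }
        { prev = $1; first = $2; shown = 0 }'
}

# Constructed sample: the same crs-setup.conf present in two include paths.
demo() {
    d=$(mktemp -d) && mkdir "$d/crs" "$d/pkg" || return 1
    cat > "$d/crs/crs-setup.conf" <<'EOF'
#SecAction \
# "id:900000,phase:1,nolog,pass,setvar:tx.paranoia_level=1"
SecAction \
 "id:900990,\
  phase:1,nolog,pass,t:none,setvar:tx.crs_setup_version=320"
EOF
    cp "$d/crs/crs-setup.conf" "$d/pkg/crs-setup.conf"
    printf 'SecRule REQUEST_URI "@rx x" "id:\047100001\047,phase:1,pass"\n' > "$d/pkg/local.conf"
    find_duplicate_ids "$d/crs" "$d/pkg"; rm -rf "$d"
}

if [ "$#" -gt 0 ]; then find_duplicate_ids "$@"; else demo; fi
```

Pass every file or directory that Apache's Include lines pull in, for example `/etc/apache2/crs` from the question.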