I have a password protected directory on my web server. To protect that from brute force attack, I tried to add the IP-Based BLocking config as below in the apache2 config file.
But everytime I restart Apache2 I get syntax error. Does anyone know how to resolve this? Thanks
Apache version: 2.2
Mod Security CRS – 2.2.8-1
Error when restart Apache
/etc/init.d/apache2 restart
* Restarting web server apache2 [fail]
* The apache2 configtest failed.
Output of config test was:
AH00526: Syntax error on line 252 of /etc/apache2/apache2.conf:
ModSecurity: No action id present within the rule
Action 'configtest' failed.
The Apache error log may have more information.
Here is the apache config file content:
232 Alias /shared /var/shared
233 <Directory /var/shared>
234 Options Indexes MultiViews FollowSymLinks
235 AllowOverride AuthConfig
236 Order allow,deny
237 Allow from all
238 </Directory>
239
240 <IfModule security2_module>
241 Include /usr/share/modsecurity-crs/*.conf
242 Include /usr/share/modsecurity-crs/base_rules/*.conf
243 </IfModule>
244 <LocationMatch /shared>
245 # Uncomment to troubleshoot
246 SecDebugLogLevel 9
247 SecDebugLog /tmp/troubleshooting.log
248
249 # Enforce an existing IP address block
250 SecRule IP:bf_block "@eq 1" \
251 "phase:2,deny,\
252 msg:'IP address blocked because of suspected brute-forceattack'"
253
254 # Check that this is a POST
255 SecRule REQUEST_METHOD "@streq POST" "phase:5,chain,t:none,nolog,pass"
256 # AND Check for authentication failure and increment counters
257 # NOTE this is for a Rails application, you probably need to customize this
258 SecRule RESPONSE_STATUS "^200" \
259 "setvar:IP.bf_counter=+1"
260
261 # Check for too many failures from a single IP address. Block for 10 minutes.
262 SecRule IP:bf_counter "@ge 3" \
263 "phase:5,pass,t:none, \
264 setvar:IP.bf_block,\
265 setvar:!IP.bf_counter,\
266 expirevar:IP.bf_block=600"
267 </LocationMatch>
There is nothing in the error logs except that it was shutting down while I initiated restart command.
Best Answer
I would say that an action unique ID is mandatory.
Try :
For
id
use any number you want, just ensure to not use the same twice (or more).