I have A Ubuntu 18.04 server, installed Apache 2.4.34, and have compiled ModSecurity 3 with the apache module.
I can successfully load the module, by adding:
LoadModule security3_module modules/mod_security3.so
to my httpd.conf
and testing with httpd -M shows the module is loading
My config is standard, nothing other than pulling from the v3 rules repo, and moving the config files around to where they should go.
As soon as I attempt to load the config I receive:
AH00526: Syntax error on line 7 of /opt/ModSecurity/modsecurity.conf:
Invalid command 'SecRuleEngine', perhaps misspelled or defined by a module not included in the server configuration
and my config is simply:
<IfModule security3_module>
IncludeOptional /opt/ModSecurity/modsecurity.conf
</IfModule>
Where /opt/ModSecurity/modsecurity.conf
contains the standard stuff from the repo.
What am I doing wrong?
(let me know if you need more info)
Best Answer
You have to enable the ModSecurity in a context, eg:
But if you accept a good advice from me, you don't use ModSecurity3 Apache module - it's not production ready yet.