Apache ModSecurity:另一个具有相同 ID 错误的规则
Apache ModSecurity: another rule with the same id error
我正在尝试使用 ModSecurity Rule set inside a Docker container. I followed a few tutorials (this, this and this) 设置 Apache 服务器以构建安全的 Apache 服务器。但是我无法让服务器使用规则集。
我收到这个错误:
AH00526: Syntax error on line 855 of /etc/httpd/modsecurity.d/crs-setup.conf:
ModSecurity: Found another rule with the same id
我搜索了错误,根据答案on this page,错误在于两次包含相同的规则。但据我所知,我没有两次包含相同的规则,我想知道错误是否出在其他地方。
我的项目文件结构如下:
.
├── conf
│ └── httpd.conf
├── Dockerfile
├── index.html
├── modsecurity.d
│ ├── crs-setup.conf
│ ├── modsecurity.conf
│ └── rules
httpd.conf 文件是用于 Apache 服务器的默认配置文件,modsecurity 配置通过 Dockerfile 中的命令插入。
Dockerfile有如下配置
FROM centos:7
RUN yum -y update && \
yum -y install less which tree httpd mod_security && \
yum clean all
COPY index.html /var/www/html/
#COPY conf/ /etc/httpd/conf/
COPY modsecurity.d/crs-setup.conf /etc/httpd/modsecurity.d/
COPY modsecurity.d/modsecurity.conf /etc/httpd/modsecurity.d/
COPY modsecurity.d/rules/* /etc/httpd/modsecurity.d/rules/
RUN echo "ServerName localhost" >> /etc/httpd/conf/httpd.conf
RUN echo "<IfModule security2_module>" >> /etc/httpd/conf/httpd.conf
RUN echo " Include modsecurity.d/crs-setup.conf" >> /etc/httpd/conf/httpd.conf
RUN echo " Include modsecurity.d/rules/*.conf" >> /etc/httpd/conf/httpd.conf
RUN echo " SecRuleEngine On" >> /etc/httpd/conf/httpd.conf
RUN echo "</IfModule>" >> /etc/httpd/conf/httpd.conf
EXPOSE 80
CMD ["/usr/sbin/httpd", "-D", "FOREGROUND"]
index.html 只是一个基本的 hello 文件:
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8" lang="en">
</head>
<body>
<h1>Hello there</h1>
</body>
</html>
crs-setup.conf有以下内容(不包括所有评论)
SecRuleEngine On
SecDefaultAction "phase:1,log,auditlog,pass"
SecDefaultAction "phase:2,log,auditlog,pass"
SecCollectionTimeout 600
SecAction \
"id:900990,\
phase:1,\
nolog,\
pass,\
t:none,\
setvar:tx.crs_setup_version=310"
modsecurity.conf只有这两行
SecRequestBodyAccess On
SecStatusEngine On
rules 是包含 ModSecurity 规则集的目录。
如果有人想看一下整个设置,我还将项目文件放在 github 上。
我找到了错误的原因。 ModSecurity 配置文件命名错误,规则文件放置在错误的目录中。
ModSecurity 文件是 modsecurity.conf,而实际上它应该是 mod_security.conf,请注意下划线 (source). The rule files should have been placed in a folder called activated_rules(source).
在我的工作配置中,我现在有以下文件夹结构:
.
├── conf
│ └── httpd.conf
├── Dockerfile
├── index.html
└── modsecurity.d
├── crs-setup.conf
├── mod_security.conf
└── activated_rules
Dockerfile如下
FROM centos:7
RUN yum -y update && \
yum -y install less which tree httpd mod_security && \
yum clean all
COPY index.html /var/www/html/
RUN echo "ServerName localhost" >> /etc/httpd/conf/httpd.conf
RUN echo "<IfModule security2_module>" >> /etc/httpd/conf/httpd.conf
RUN echo "Include modsecurity.d/crs-setup.conf" >> /etc/httpd/conf/httpd.conf
RUN echo "Include modsecurity.d/activated_rules/*.conf" >> /etc/httpd/conf/httpd.conf
RUN echo "</IfModule>" >> /etc/httpd/conf/httpd.conf
COPY modsecurity.d/crs-setup.conf /etc/httpd/modsecurity.d/
COPY modsecurity.d/mod_security.conf /etc/httpd/conf.d/
COPY modsecurity.d/rules/* /etc/httpd/modsecurity.d/activated_rules/
EXPOSE 80
CMD ["/usr/sbin/httpd", "-D", "FOREGROUND"]
我正在尝试使用 ModSecurity Rule set inside a Docker container. I followed a few tutorials (this, this and this) 设置 Apache 服务器以构建安全的 Apache 服务器。但是我无法让服务器使用规则集。
我收到这个错误:
AH00526: Syntax error on line 855 of /etc/httpd/modsecurity.d/crs-setup.conf:
ModSecurity: Found another rule with the same id
我搜索了错误,根据答案on this page,错误在于两次包含相同的规则。但据我所知,我没有两次包含相同的规则,我想知道错误是否出在其他地方。
我的项目文件结构如下:
.
├── conf
│ └── httpd.conf
├── Dockerfile
├── index.html
├── modsecurity.d
│ ├── crs-setup.conf
│ ├── modsecurity.conf
│ └── rules
httpd.conf 文件是用于 Apache 服务器的默认配置文件,modsecurity 配置通过 Dockerfile 中的命令插入。
Dockerfile有如下配置
FROM centos:7
RUN yum -y update && \
yum -y install less which tree httpd mod_security && \
yum clean all
COPY index.html /var/www/html/
#COPY conf/ /etc/httpd/conf/
COPY modsecurity.d/crs-setup.conf /etc/httpd/modsecurity.d/
COPY modsecurity.d/modsecurity.conf /etc/httpd/modsecurity.d/
COPY modsecurity.d/rules/* /etc/httpd/modsecurity.d/rules/
RUN echo "ServerName localhost" >> /etc/httpd/conf/httpd.conf
RUN echo "<IfModule security2_module>" >> /etc/httpd/conf/httpd.conf
RUN echo " Include modsecurity.d/crs-setup.conf" >> /etc/httpd/conf/httpd.conf
RUN echo " Include modsecurity.d/rules/*.conf" >> /etc/httpd/conf/httpd.conf
RUN echo " SecRuleEngine On" >> /etc/httpd/conf/httpd.conf
RUN echo "</IfModule>" >> /etc/httpd/conf/httpd.conf
EXPOSE 80
CMD ["/usr/sbin/httpd", "-D", "FOREGROUND"]
index.html 只是一个基本的 hello 文件:
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8" lang="en">
</head>
<body>
<h1>Hello there</h1>
</body>
</html>
crs-setup.conf有以下内容(不包括所有评论)
SecRuleEngine On
SecDefaultAction "phase:1,log,auditlog,pass"
SecDefaultAction "phase:2,log,auditlog,pass"
SecCollectionTimeout 600
SecAction \
"id:900990,\
phase:1,\
nolog,\
pass,\
t:none,\
setvar:tx.crs_setup_version=310"
modsecurity.conf只有这两行
SecRequestBodyAccess On
SecStatusEngine On
rules 是包含 ModSecurity 规则集的目录。
如果有人想看一下整个设置,我还将项目文件放在 github 上。
我找到了错误的原因。 ModSecurity 配置文件命名错误,规则文件放置在错误的目录中。
ModSecurity 文件是 modsecurity.conf,而实际上它应该是 mod_security.conf,请注意下划线 (source). The rule files should have been placed in a folder called activated_rules(source).
在我的工作配置中,我现在有以下文件夹结构:
.
├── conf
│ └── httpd.conf
├── Dockerfile
├── index.html
└── modsecurity.d
├── crs-setup.conf
├── mod_security.conf
└── activated_rules
Dockerfile如下
FROM centos:7
RUN yum -y update && \
yum -y install less which tree httpd mod_security && \
yum clean all
COPY index.html /var/www/html/
RUN echo "ServerName localhost" >> /etc/httpd/conf/httpd.conf
RUN echo "<IfModule security2_module>" >> /etc/httpd/conf/httpd.conf
RUN echo "Include modsecurity.d/crs-setup.conf" >> /etc/httpd/conf/httpd.conf
RUN echo "Include modsecurity.d/activated_rules/*.conf" >> /etc/httpd/conf/httpd.conf
RUN echo "</IfModule>" >> /etc/httpd/conf/httpd.conf
COPY modsecurity.d/crs-setup.conf /etc/httpd/modsecurity.d/
COPY modsecurity.d/mod_security.conf /etc/httpd/conf.d/
COPY modsecurity.d/rules/* /etc/httpd/modsecurity.d/activated_rules/
EXPOSE 80
CMD ["/usr/sbin/httpd", "-D", "FOREGROUND"]