堆栈内存溢出
  简体   繁体   English

Apache ModSecurity:另一个具有相同id错误的规则

[英]Apache ModSecurity: another rule with the same id error

 原文  2018-10-31 11:29:08       apache/ docker/ mod-security

问题描述

I am trying to set up an Apache server with the ModSecurity Rule set inside a Docker container. 我正在尝试使用Docker容器中设置ModSecurity Rule设置 Apache服务器。 I followed a few tutorials ( this , this and this ) to build a secure Apache server. 我遵循了一些教程( thisthisthis )来构建安全的Apache服务器。 But I am unable to make the server work with the rule set. 但是我无法使服务器与规则集一起使用。

I get this error: 我收到此错误: 

AH00526: Syntax error on line 855 of /etc/httpd/modsecurity.d/crs-setup.conf:
ModSecurity: Found another rule with the same id

I searched for the error and according to the answers on this page the fault lies in including the same rules twice. 我搜索了错误,并根据此页面上的答案故障在于两次包含相同的规则。 But as far as I can see, I am not including the same rules twice and I wonder if the error lies elsewhere. 但是据我所知,我没有两次包含相同的规则,并且我想知道错误是否在其他地方。

My project file structure is the following: 我的项目文件结构如下: 

.
├── conf
│   └── httpd.conf
├── Dockerfile
├── index.html
├── modsecurity.d
│   ├── crs-setup.conf
│   ├── modsecurity.conf
│   └── rules

The httpd.conf file is the default config file used for an Apache server and the modsecurity configurations are inserted via commands in the Dockerfile. httpd.conf文件是用于Apache服务器的默认配置文件,并且通过命令将modsecurity配置插入Dockerfile中。

The Dockerfile has the following configuration Dockerfile具有以下配置 

FROM centos:7

RUN yum -y update && \
    yum -y install less which tree httpd mod_security && \
    yum clean all

COPY index.html /var/www/html/

#COPY conf/ /etc/httpd/conf/
COPY modsecurity.d/crs-setup.conf /etc/httpd/modsecurity.d/
COPY modsecurity.d/modsecurity.conf /etc/httpd/modsecurity.d/
COPY modsecurity.d/rules/* /etc/httpd/modsecurity.d/rules/

RUN echo "ServerName localhost" >> /etc/httpd/conf/httpd.conf
RUN echo "<IfModule security2_module>" >> /etc/httpd/conf/httpd.conf
RUN echo "  Include modsecurity.d/crs-setup.conf" >> /etc/httpd/conf/httpd.conf
RUN echo "  Include modsecurity.d/rules/*.conf" >> /etc/httpd/conf/httpd.conf
RUN echo "  SecRuleEngine On" >> /etc/httpd/conf/httpd.conf
RUN echo "</IfModule>" >> /etc/httpd/conf/httpd.conf

EXPOSE 80

CMD ["/usr/sbin/httpd", "-D", "FOREGROUND"]

index.html is just a basic hello file: index.html只是一个基本的hello文件: 

<!DOCTYPE html>
<html>
  <head>
    <meta charset="utf-8" lang="en">
  </head>
  <body>
    <h1>Hello there</h1>
  </body>
</html>

crs-setup.conf has the following content (excluding all the comments) crs-setup.conf具有以下内容(不包括所有注释) 

SecRuleEngine On
SecDefaultAction "phase:1,log,auditlog,pass"
SecDefaultAction "phase:2,log,auditlog,pass"
SecCollectionTimeout 600
SecAction \
 "id:900990,\
  phase:1,\
  nolog,\
  pass,\
  t:none,\
  setvar:tx.crs_setup_version=310"

modsecurity.conf has only these two lines modsecurity.conf只有这两行 

SecRequestBodyAccess On
SecStatusEngine On

rules is a directory which contains the ModSecurity rule set. rules是一个包含ModSecurity规则集的目录。

I also placed the project files on github if anyone wants to have a look at the whole setup. 如果有人想看一下整个安装程序,我还将项目文件放在github上

1 个解决方案

解决方案1
 0 已采纳  2018-12-28 21:12:31

I found out why I got the error. 我发现了为什么我得到了错误。 The ModSecurity configuration file was misnamed and the rule files had been placed in the wrong directory. ModSecurity配置文件的名称错误,并且规则文件已放置在错误的目录中。

The ModSecurity file was modsecurity.conf , when in fact it should have been mod_security.conf , notice the underscore (source) . ModSecurity文件是modsecurity.conf ,实际上它应该是mod_security.conf ,请注意下划线(源) The rule files should have been placed in a folder called activated_rules (source) . 规则文件应放置在名为activated_rules (源)的文件夹中。

In my working configuration I now have the following folder structure: 在我的工作配置中,我现在具有以下文件夹结构: 

.
├── conf
│   └── httpd.conf
├── Dockerfile
├── index.html
└── modsecurity.d
    ├── crs-setup.conf
    ├── mod_security.conf
    └── activated_rules

The Dockerfile is as follows Dockerfile如下 

FROM centos:7

RUN yum -y update && \
    yum -y install less which tree httpd mod_security && \
    yum clean all

COPY index.html /var/www/html/

RUN echo "ServerName localhost" >> /etc/httpd/conf/httpd.conf
RUN echo "<IfModule security2_module>" >> /etc/httpd/conf/httpd.conf
RUN echo "Include modsecurity.d/crs-setup.conf" >> /etc/httpd/conf/httpd.conf
RUN echo "Include modsecurity.d/activated_rules/*.conf" >> /etc/httpd/conf/httpd.conf
RUN echo "</IfModule>" >> /etc/httpd/conf/httpd.conf


COPY modsecurity.d/crs-setup.conf     /etc/httpd/modsecurity.d/
COPY modsecurity.d/mod_security.conf  /etc/httpd/conf.d/
COPY modsecurity.d/rules/*            /etc/httpd/modsecurity.d/activated_rules/

EXPOSE 80

CMD ["/usr/sbin/httpd", "-D", "FOREGROUND"]

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 在Apache的Modsecurity中通过ID禁用规则 - Disaabe rule by ID in modsecurity on apache ModSecurity:规则中不存在操作ID - ModSecurity: No action id present within the rule 如何在多个虚拟主机中包含相同的modsecurity规则而不更改每个规则和每个主机的ID? - How to include same modsecurity rules in multiple virtual hosts without changing the id for each rule and each host? ModSecurity CSRF规则警报 - ModSecurity CSRF rule alert ModSecurity 规则 214940 警告 - ModSecurity rule 214940 warning 使用Apache和ModSecurity进行路由和过滤 - Routing and filtering with Apache and ModSecurity .htaccess和Apache ModSecurity - .htaccess and Apache ModSecurity 更新ModSecurity核心规则 - Updating an arugement of a ModSecurity Core Rule 相同网址的Apache重定向规则 - Apache redirect rule for the same url modsecurity 2-禁用特定规则ID的日志记录? - modsecurity 2 — disable logging for specific rule ids?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM