Apache ModSecurity:另一個具有相同id錯誤的規則
[英]Apache ModSecurity: another rule with the same id error
問題描述
我正在嘗試使用Docker容器中設置的ModSecurity Rule設置 Apache服務器。 我遵循了一些教程( this , this和this )來構建安全的Apache服務器。 但是我無法使服務器與規則集一起使用。
我收到此錯誤:
AH00526: Syntax error on line 855 of /etc/httpd/modsecurity.d/crs-setup.conf:
ModSecurity: Found another rule with the same id
我搜索了錯誤,並根據此頁面上的答案,故障在於兩次包含相同的規則。 但是據我所知,我沒有兩次包含相同的規則,並且我想知道錯誤是否在其他地方。
我的項目文件結構如下:
.
├── conf
│ └── httpd.conf
├── Dockerfile
├── index.html
├── modsecurity.d
│ ├── crs-setup.conf
│ ├── modsecurity.conf
│ └── rules
httpd.conf文件是用於Apache服務器的默認配置文件,並且通過命令將modsecurity配置插入Dockerfile中。
Dockerfile具有以下配置
FROM centos:7
RUN yum -y update && \
yum -y install less which tree httpd mod_security && \
yum clean all
COPY index.html /var/www/html/
#COPY conf/ /etc/httpd/conf/
COPY modsecurity.d/crs-setup.conf /etc/httpd/modsecurity.d/
COPY modsecurity.d/modsecurity.conf /etc/httpd/modsecurity.d/
COPY modsecurity.d/rules/* /etc/httpd/modsecurity.d/rules/
RUN echo "ServerName localhost" >> /etc/httpd/conf/httpd.conf
RUN echo "<IfModule security2_module>" >> /etc/httpd/conf/httpd.conf
RUN echo " Include modsecurity.d/crs-setup.conf" >> /etc/httpd/conf/httpd.conf
RUN echo " Include modsecurity.d/rules/*.conf" >> /etc/httpd/conf/httpd.conf
RUN echo " SecRuleEngine On" >> /etc/httpd/conf/httpd.conf
RUN echo "</IfModule>" >> /etc/httpd/conf/httpd.conf
EXPOSE 80
CMD ["/usr/sbin/httpd", "-D", "FOREGROUND"]
index.html只是一個基本的hello文件:
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8" lang="en">
</head>
<body>
<h1>Hello there</h1>
</body>
</html>
crs-setup.conf具有以下內容(不包括所有注釋)
SecRuleEngine On
SecDefaultAction "phase:1,log,auditlog,pass"
SecDefaultAction "phase:2,log,auditlog,pass"
SecCollectionTimeout 600
SecAction \
"id:900990,\
phase:1,\
nolog,\
pass,\
t:none,\
setvar:tx.crs_setup_version=310"
modsecurity.conf只有這兩行
SecRequestBodyAccess On
SecStatusEngine On
rules是一個包含ModSecurity規則集的目錄。
如果有人想看一下整個安裝程序,我還將項目文件放在github上 。
1 個解決方案
解決方案1
0 已采納 2018-12-28 21:12:31
我發現了為什么我得到了錯誤。 ModSecurity配置文件的名稱錯誤,並且規則文件已放置在錯誤的目錄中。
ModSecurity文件是modsecurity.conf ,實際上它應該是mod_security.conf ,請注意下划線(源) 。 規則文件應放置在名為activated_rules (源)的文件夾中。
在我的工作配置中,我現在具有以下文件夾結構:
.
├── conf
│ └── httpd.conf
├── Dockerfile
├── index.html
└── modsecurity.d
├── crs-setup.conf
├── mod_security.conf
└── activated_rules
Dockerfile如下
FROM centos:7
RUN yum -y update && \
yum -y install less which tree httpd mod_security && \
yum clean all
COPY index.html /var/www/html/
RUN echo "ServerName localhost" >> /etc/httpd/conf/httpd.conf
RUN echo "<IfModule security2_module>" >> /etc/httpd/conf/httpd.conf
RUN echo "Include modsecurity.d/crs-setup.conf" >> /etc/httpd/conf/httpd.conf
RUN echo "Include modsecurity.d/activated_rules/*.conf" >> /etc/httpd/conf/httpd.conf
RUN echo "</IfModule>" >> /etc/httpd/conf/httpd.conf
COPY modsecurity.d/crs-setup.conf /etc/httpd/modsecurity.d/
COPY modsecurity.d/mod_security.conf /etc/httpd/conf.d/
COPY modsecurity.d/rules/* /etc/httpd/modsecurity.d/activated_rules/
EXPOSE 80
CMD ["/usr/sbin/httpd", "-D", "FOREGROUND"]
如何在多個虛擬主機中包含相同的modsecurity規則而不更改每個規則和每個主機的ID?
[英]How to include same modsecurity rules in multiple virtual hosts without changing the id for each rule and each host?
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.