Package: modsecurity-crs Version: 3.3.4-1 Severity: important Tags: newcomer X-Debbugs-Cc: salilsa...@gmail.com
Dear Maintainer, I configured modsecurity for nginx using the available packages in the bookworm repository; namely, libmodsecurity3 and libnginx-mod-http-modsecurity. It worked like charm except with this package modsecuirty-crs. The two IncludeOptional directives in the file owasp-crs.load had to be changed to Include since nginx does not support IncludeOptional. This simply worked but by editing a file that the user is not supposed to edit and is likely to be overwritten on update. I believe there may be a way to make the whole modsecurity implementation to work out of the box for nginx as well by simply changing these two IncludeOptional directives to Include. Both of them include files that are already provided by the package hence IncludeOptional is redundant. Thanks, Salil -- System Information: Debian Release: 12.5 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable'), (100, 'bookworm-fasttrack'), (100, 'bookworm-backports-staging') Architecture: amd64 (x86_64) Kernel: Linux 6.1.0-17-amd64 (SMP w/8 CPU threads; PREEMPT) Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled modsecurity-crs depends on no packages. modsecurity-crs recommends no packages. Versions of packages modsecurity-crs suggests: pn geoip-database-contrib <none> pn libapache2-mod-security2 <none> pn lua <none> pn python <none> pn ruby <none>