Hi, I've done some searches hoping to find some help, and while I did find a reference to the same error earlier in the list, I didn't see a clear solution - or at least one that seemed clear to me.
I'm looking at getting ModSecurity upgraded on our web server, using 2.6.2 with the 2.2.0 CRS. What I'm encountering is a Lua error that has me confused. Message: Lua: Script execution failed: attempt to call a nil value Message: Rule processing failed. This is an installation on a Debian 5.0.9 server, I believe that the necessary requirements are installed: libapr1 : 1.2.12-5+lenny4 libapr1-dev : 1.2.12-5+lenny4 libaprutil1 : 1.2.12+dfsg-8+lenny5 libaprutil1-dev : 1.2.12+dfsg-8+lenny5 lua5.1 : 5.1.3-1 liblua5.1-0 : 5.1.3-1 liblua5.1-0-dev : 5.1.3-1 libpcre3 : 7.6-2.1 libpcre3-dev : 7.6-2.1 libxml2 : 2.6.32.dfsg-5+lenny4 libxml2-dev : 2.6.32.dfsg-5+lenny4 Apache 2.2.21 is installed from source using the following configure: ./configure \ --prefix=/usr/local/apache \ --disable-userdir \ --enable-rewrite \ --enable-so \ --enable-status \ --enable-info \ --enable-ssl \ --enable-cgi \ --enable-unique-id \ --enable-mime-magic \ --with-included-apr \ --with-pcre=/usr/bin/pcre-config \ --enable-deflate \ --enable-expires \ --enable-headers ModSecurity 2.6.2 is installed with the following configure: ./configure \ --with-apxs=/usr/local/apache/bin/apxs \ --with-apr=/usr/local/apache/bin/apr-1-config I've only made minor path changes to the ModSecurity config, and a few rule rewrites for some false positives in the CRS configuration. I'm assuming this is a result of modsecurity_crs_41_advanced_filters.conf somehow, but I'm not entirely sure how -- or whether this is necessary, or purely optional (although it's part of the base_rules). Appreciate any help or suggestions that anyone can give. Ross. _______________________________________________ Owasp-modsecurity-core-rule-set mailing list [email protected] https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
