Re: mod-security update
On Fri, Apr 12, 2013 at 11:46:44AM +0200, Jens Tobiska wrote: After the latest update of mod-security for debian squeeze, I am receiving the error message: Syntax error on line 52 of /etc/apache2/mod-security/modsecurity.conf: Invalid command 'SecRequestBodyLimitAction', perhaps misspelled or defined by a module not included in the server configuration Action 'configtest' failed. The Apache error log may have more information. failed! whenever I try to do /etc/init.d/apache2 reload Before the update it did not show any such error and I did not change anything with the mod-security configuration since. Interestingly, from what I read, SecRequestBodyLimitAction appears only with mod-security 2.6 and squeeze uses version 2.5, so I don't understand why it did not complain before the update. Do you have numeric ID action for every rule? Regards, Veljko -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20130415154109.GA6679@angelina
Re: mod-security update
Jens Tobiska wrote: After the latest update of mod-security for debian squeeze, I am receiving the error message: There is no mod-security for Squeeze. You must have installed it from elsewhere. Check it with: apt-cache policy mod-security Interestingly, from what I read, SecRequestBodyLimitAction appears only with mod-security 2.6 and squeeze uses version 2.5, so I don't understand why it did not complain before the update. Did you install something from Testing or Backports? Bob signature.asc Description: Digital signature
Re: mod-security update
On Sat, 2013-04-13 at 11:08 -0600, Bob Proulx wrote: Jens Tobiska wrote: After the latest update of mod-security for debian squeeze, I am receiving the error message: There is no mod-security for Squeeze. You must have installed it from elsewhere. Check it with: My guess is he is referring to an Apache module (package libapache2-mod-security) It has recently been updated in Squeeze, see this security advisory: http://www.debian.org/security/2013/dsa-2659 I have no first hand experience with it though. Interestingly, from what I read, SecRequestBodyLimitAction appears only with mod-security 2.6 and squeeze uses version 2.5, so I don't understand why it did not complain before the update. I'd say have have a closer look at the documentation and/or file a regression bug report. signature.asc Description: This is a digitally signed message part
Re: mod-security update
On Sat 13 Apr 2013 at 11:08:23 -0600, Bob Proulx wrote: Jens Tobiska wrote: After the latest update of mod-security for debian squeeze, I am receiving the error message: There is no mod-security for Squeeze. You must have installed it from elsewhere. Check it with: apt-cache policy mod-security The reference may be to libapache-mod-security. There has been a recent security update for it. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20130413190937.GL30093@desktop
mod-security update
After the latest update of mod-security for debian squeeze, I am receiving the error message: Syntax error on line 52 of /etc/apache2/mod-security/modsecurity.conf: Invalid command 'SecRequestBodyLimitAction', perhaps misspelled or defined by a module not included in the server configuration Action 'configtest' failed. The Apache error log may have more information. failed! whenever I try to do /etc/init.d/apache2 reload Before the update it did not show any such error and I did not change anything with the mod-security configuration since. Interestingly, from what I read, SecRequestBodyLimitAction appears only with mod-security 2.6 and squeeze uses version 2.5, so I don't understand why it did not complain before the update.