Differences
This shows you the differences between two versions of the page.
Both sides previous revision Previous revision | Next revision Both sides next revision | ||
litespeed_wiki:config:understanding_500 [2019/10/15 13:43] Jackson Zhang [OWASP ModSecurity rule set may trigger 500 when using Imunify360 together] |
litespeed_wiki:config:understanding_500 [2019/10/15 13:45] Jackson Zhang |
||
---|---|---|---|
Line 276: | Line 276: | ||
in /etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-901-INITIALIZATION.conf | in /etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-901-INITIALIZATION.conf | ||
SecRule &TX:crs_setup_version "@eq 0" "id:901001, phase:1, auditlog, log, deny, status:500, severity:CRITICAL, msg:'ModSecurity Core Rule Set is deployed without configuration! Please copy the crs-setup.conf.example template to crs-setup.conf, and include the crs-setup.conf file in your webserver configuration before including the CRS rules. See the INSTALL file in the CRS directory for detailed instructions.'" | SecRule &TX:crs_setup_version "@eq 0" "id:901001, phase:1, auditlog, log, deny, status:500, severity:CRITICAL, msg:'ModSecurity Core Rule Set is deployed without configuration! Please copy the crs-setup.conf.example template to crs-setup.conf, and include the crs-setup.conf file in your webserver configuration before including the CRS rules. See the INSTALL file in the CRS directory for detailed instructions.'" | ||
- | | + | |
+ | crs-setup.conf has to be loaded first then the rest of rules including REQUEST-901-INITIALIZATION.conf. | ||
Imunify360 could break the loading order of the above rule set and lead to "500" errors. | Imunify360 could break the loading order of the above rule set and lead to "500" errors. | ||
| | ||