[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#878920: IncludeOptional should deal gracefully with a missing directory in the specified path

Source: apache2
Version: 2.4.25-3+deb9u3
Severity: normal

Hi,
libapache2-mod-security2 sets a Recommends: on modsecurity-crs and ships a
/etc/apache2/mods-enabled/security2.conf with the following directive:

-----
# Include OWASP ModSecurity CRS rules if installed
IncludeOptional /usr/share/modsecurity-crs/owasp-crs.load
-----

But when installing on a system where the installation of recommended packages
is disabled, modsecurity-crs isn't installed and as such the the
/usr/share/modsecurity-crs/ directory isn't present, which makes the
IncludeOptional directive fail and preventing the Apache startup:

-----
Oct 17 14:57:17 foo systemd[1]: Starting The Apache HTTP Server...
Oct 17 14:57:17 foo apachectl[18942]: apache2: Syntax error on line 11 of /etc/apache2/apache2.conf: Syntax error on line 12 of /etc/apache2/mods-enabled/security2.conf:
Could not open config directory /usr/share/modsecurity-crs: No such file or directory
Oct 17 14:57:17 foo apachectl[18942]: Action 'start' failed.
-----

Creating /usr/share/modsecurity-crs/ fixes it, but that seems like a misfeature/bug?
Shouldn't it also fail gracefully in the absence of one of the path elements?

Cheers,
        Moritz
Reply to: