Re: mod-security not triggering
On Sat, Apr 04, 2009 at 07:22:01PM -0700, Todd A. Jacobs wrote:
> I've recently upgraded a Debian box from Apache 1.3 to 2.x, which also
> forced me to move over to the new mod-security 2.x packages as well. I
> tried to port over some of my rules from 1.x, even though the new
> syntax took some conversion. None of my rules seem to be triggering,
> though, and I'm not sure how to debug the setup.
For those who may be bitten by the same bug, the reason is that
the new modsecurity package doesn't enable the required mod_unique_id
module in Apache during the installation. You can find evidence of this
in the Apache error.log if you have logging set high enough, but it
won't prevent Apache from starting or modsecurity from *appearing* to
Use a2enmod to enable unique_id and restart Apache. :)
"Oh, look: rocks!"
-- Doctor Who, "Destiny of the Daleks"