Re: mod-security not triggering

To: Debian User List <debian-user@lists.debian.org>
Subject: Re: mod-security not triggering
From: "Todd A. Jacobs" <nospam@codegnome.org>
Date: Mon, 6 Apr 2009 15:28:41 -0700
Message-id: <[🔎] 20090406222841.GC11902@penguin.codegnome.org>
Mail-followup-to: debian-user@lists.debian.org
In-reply-to: <[🔎] 20090405022200.GX29876@penguin.codegnome.org>
References: <[🔎] 20090405022200.GX29876@penguin.codegnome.org>

On Sat, Apr 04, 2009 at 07:22:01PM -0700, Todd A. Jacobs wrote:

> I've recently upgraded a Debian box from Apache 1.3 to 2.x, which also
> forced me to move over to the new mod-security 2.x packages as well. I
> tried to port over some of my rules from 1.x, even though the new
> syntax took some conversion. None of my rules seem to be triggering,
> though, and I'm not sure how to debug the setup.

For those who may be bitten by the same bug, the reason is that
the new modsecurity package doesn't enable the required mod_unique_id
module in Apache during the installation. You can find evidence of this
in the Apache error.log if you have logging set high enough, but it
won't prevent Apache from starting or modsecurity from *appearing* to
work.

Use a2enmod to enable unique_id and restart Apache. :)

-- 
"Oh, look: rocks!"
	-- Doctor Who, "Destiny of the Daleks"

Reply to:

References:
- mod-security not triggering
  - From: "Todd A. Jacobs" <nospam@codegnome.org>

Prev by Date: Re: new problem - networking is strange
Next by Date: Re: ssh-agent: multikey
Previous by thread: mod-security not triggering
Next by thread: Nautilus not starting properly : GConf error: Failed to contact configuration server
Index(es):
- Date
- Thread