While configuring the OWASP ModSecurity Core Rule Set (CRS), the following error appeared:
Syntax error on line 52 of /etc/modsecurity/activated_rules/modsecurity_crs_20_protocol_violations.conf:
The cause is the previously installed versions of libapache2-modsecurity and OWASP CRS:
dpkg -s libapache2-modsecurity | grep Version
Version: 2.6.6-6+deb7u1
owasp-modsecurity-2.2.8-1
libapache2-modsecurity version 2.6.6-6 doesn't work correctly with OWASP CRS 2.2.8-1.
An earlier version of the OWASP Core Rule Set is needed.
Here is a basic configuration of Apache ModSecurity:
aptitude install libapache2-modsecurity
cp /etc/modsecurity/modsecurity.conf-recommended /etc/apache2/conf.d/modsecurity.conf
vim /etc/apache2/conf.d/modsecurity.conf
Customize the settings (DetectionOnly logs rule matches without blocking requests):
SecRuleEngine DetectionOnly
SecRequestBodyAccess On
SecDebugLog /var/log/apache2/modsecurity-debug.log
SecDebugLogLevel 3
a2enmod mod-security
a2enmod headers
apachectl configtest
/etc/init.d/apache2 reload
Now configure the OWASP ModSecurity CRS:
wget https://github.com/SpiderLabs/owasp-modsecurity-crs/tarball/v2.2.5
tar xvf v2.2.5
cp -r SpiderLabs-owasp-modsecurity-crs-5c28b52/* /etc/modsecurity/
mv /etc/modsecurity/modsecurity_crs_10_setup.conf.example /etc/modsecurity/modsecurity_crs_10_setup.conf
cd /etc/modsecurity/base_rules/
for f in * ; do ln -s "/etc/modsecurity/base_rules/$f" "/etc/modsecurity/activated_rules/$f"; done
cd /etc/modsecurity/optional_rules/
for f in * ; do ln -s "/etc/modsecurity/optional_rules/$f" "/etc/modsecurity/activated_rules/$f"; done
vim /etc/apache2/mods-available/mod-security.conf
Add the OWASP config files:
Include "/etc/modsecurity/activated_rules/*.conf"
apachectl configtest
/etc/init.d/apache2 reload
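The ln -s loops above stop with "File exists" when they are run a second time, and they do not clean up links whose target file no longer exists (for example after an old CRS tree was removed). The following is an added example, not part of the original post: it relinks the rules idempotently and prunes such dangling links. The function names activate_rules and prune_stale are hypothetical, and the root directory is passed as an argument so the same layout as /etc/modsecurity can be tested elsewhere.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# activate_rules ROOT SUBDIR...
# Symlink every file of ROOT/SUBDIR into ROOT/activated_rules.
# ln -sf replaces an existing link, so the function can be re-run safely.
activate_rules() {
    root=$1
    shift
    active="$root/activated_rules"
    mkdir -p "$active" || return 1
    for sub in "$@"; do
        for f in "$root/$sub"/*; do
            [ -f "$f" ] || continue   # empty directory: the glob stayed literal
            ln -sf "$f" "$active/$(basename "$f")" || return 1
        done
    done
}

# prune_stale ROOT
# Delete links in ROOT/activated_rules whose target is gone.
# Prints the number of removed links on stdout, their names on stderr.
prune_stale() {
    active="$1/activated_rules"
    removed=0
    for l in "$active"/*; do
        # -L: it is a symlink; ! -e: its target does not exist
        if [ -L "$l" ] && [ ! -e "$l" ]; then
            rm -f "$l"
            echo "removed stale link: $l" >&2
            removed=$((removed + 1))
        fi
    done
    echo "$removed"
}
```

With the layout used above, run prune_stale /etc/modsecurity and then activate_rules /etc/modsecurity base_rules optional_rules as root, followed by apachectl configtest.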