Bug#838009: modsecurity-crs: Apache2 dont start after activate modsecurity rule modsecurity_crs_16_session_hijacking.conf

Karsten Schoeke Fri, 16 Sep 2016 04:33:50 -0700

Package: modsecurity-crs
Version: 2.2.9-1
Severity: important

Dear Maintainer,


apache2 dont start after activate modsecurity rule
modsecurity_crs_16_session_hijacking.conf

:~> sudo apache2ctl configtest
AH00526: Syntax error on line 51 of
/etc/modsecurity/modsecurity_crs_16_session_hijacking.conf:
ModSecurity: Disruptive actions can only be specified by chain starter
rules.
Action 'configtest' failed.
The Apache error log may have more information.

Pls see this commit:
https://github.com/SpiderLabs/owasp-modsecurity-crs/commit/e2fbef4ce89fed0c4dd338002b9a090dd2f6491d
This fix the prblem, pls insert the fix in Debian package.

Regard
Karsten

-- System Information:
Debian Release: 8.5
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/1 CPU core)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages modsecurity-crs depends on:
ii  libapache2-mod-security2  2.8.0-3

modsecurity-crs recommends no packages.

Versions of packages modsecurity-crs suggests:
pn  geoip-database-contrib  <none>
pn  lua                     <none>
ii  ruby                    1:2.1.5+deb8u2

-- no debconf information

Bug#838009: modsecurity-crs: Apache2 dont start after activate modsecurity rule modsecurity_crs_16_session_hijacking.conf

Reply via email to