Package: modsecurity-crs Version: 2.2.9-1 Severity: important Dear Maintainer,
apache2 dont start after activate modsecurity rule modsecurity_crs_16_session_hijacking.conf :~> sudo apache2ctl configtest AH00526: Syntax error on line 51 of /etc/modsecurity/modsecurity_crs_16_session_hijacking.conf: ModSecurity: Disruptive actions can only be specified by chain starter rules. Action 'configtest' failed. The Apache error log may have more information. Pls see this commit: https://github.com/SpiderLabs/owasp-modsecurity-crs/commit/e2fbef4ce89fed0c4dd338002b9a090dd2f6491d This fix the prblem, pls insert the fix in Debian package. Regard Karsten -- System Information: Debian Release: 8.5 APT prefers stable APT policy: (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 3.16.0-4-amd64 (SMP w/1 CPU core) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages modsecurity-crs depends on: ii libapache2-mod-security2 2.8.0-3 modsecurity-crs recommends no packages. Versions of packages modsecurity-crs suggests: pn geoip-database-contrib <none> pn lua <none> ii ruby 1:2.1.5+deb8u2 -- no debconf information