ModSecurity: Rules must have at least id action

After compiling ModSecurity 2.8.0 with Apache 2.4.10 I got the the folowing error when trying to start Apache2:
ModSecurity: Rules must have at least id action
After Google-ing it I found this site that explains what went wrong:
https://evilazrael.de/content/modsecurity-rules-must-have-least-id-action
According to this site the labeling(identification) of the rules was optional till the version 2.7.0, after this version it’s mandatory. Well it took me a litte time to find out how to add the id: in the rules. here is how.

1) The id is given as extra argument on action within the last argument as follows:
SecRule arg1 arg2 ARG3
The id:[number] is given within the action description in ARG3
Example:
SecRule REQBODY_ERROR "!@eq 0" "id:'200002', phase:2,t:none,log,deny,status:400,msg:'Failed to parse request body.',logdata:'%{reqbody_error_msg}',severity:2"

2) In cases of ‘chained’ rules, the id: is given only in the first rule declaration
Example:
SecRule REQUEST_URI "/wlw" chain,id:'14100603' SecRule ARGS_POST "<"

IT Tips and Tricks

Like this:

Share this:

Like this: