Comments (2)
leveryd
commented on June 15, 2024
1
If u just want to test lua script with crs rule, u can try leveryd/modsecurity:CVE-2024-1019 image, edit /tmp/debug.lua and test it.
~ # docker run -ti -p 80:80 -e ERRORLOG=/tmp/nginx_error.log -e MODSEC_DEBUG_LOG=/tmp/debug.log -e MODSEC_DEBUG_LOGLEVEL=9 -e MODSEC_AUDIT_LOG=/tmp/audit.log -e BACKEND=http://10.56.58.13:8888 leveryd/modsecurity:CVE-2024-1019
see https://github.com/leveryd/crs-dev
from modsecurity.
airween
commented on June 15, 2024
Hi @duongtuankiet,
I'm really sorry for late reply, I completely forgot this issue - sorry.
I have installed Lua 5.4, Nginx 1.20.1, Modsecurity V3 and this is my config Modsecurity
are you sure you installed ModSecurity with Lua?
What was your configure options? (If you still have your source tree, you can find that in config.log file, on the top.)
> * LUA ....found v504
> -llua-5.4 -L/usr/lib64/, -DWITH_LUA -DWITH_LUA_5_4 -I/usr/include
this means autotools finds the Lua libraries.
If you want to use Lua support, you must pass explicitly the argument to configure script:
./configure ... ... --with-lua ...
Without that you will get this result.
from modsecurity.
Related Issues (20)
- Annoying DNS queries with @rbl operator HOT 18
- Feature request: Limit the number of rules processed per request HOT 3
- SecAuditLogPart 'E' is logged even if it is not configured HOT 7
- Error: Could not set variable "ip.brute_force_counter" and Could not set variable "ip.xmlrpc_counter" as the collection does not exist. HOT 6
- Is it possible to change the SecAuditLogStorageDir variable so that the logs are sorted by vhost?
- Phasing out SecStatusEngine HOT 3
- Regular Expression Failure Triggers `!@rx` HOT 1
- Incorrect utf8toUnicode transformation for 00xx
- docs, contributing: shorten description to improve flow for GitHub contributors, rewrite for owasp HOT 6
- @rbl operator does not support IPv6
- [Idea] Add variable support for SecAuditLog HOT 2
- % sign in URI must not be interpreted (other than for URI encoding) HOT 7
- Update link on Reference Manual v3 wiki page HOT 2
- Ignore SecStatusEngine directive in v2 HOT 1
- Encountering SIGSEGV when parsing multiple rule sets in parallel HOT 4
- is sanitiseArgs not supported in libmodsecurity3 version 3.0.12 HOT 5
- AH00526: Syntax error on line 93 of /etc/apache2/modsec/owasp-modsecurity-crs/rules/REQUEST-903.9004-DOKUWIKI-EXCLUSION-RULES.conf: Error parsing actions: Unknown action: \\ Action 'configtest' failed. The Apache error log may have more information. HOT 4
- Apache: Short Lingering Close
- How to disable audit logging of some HTTP_CODE? HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from modsecurity.