We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
I have installed Lua 5.4, Nginx 1.20.1, Modsecurity V3 and this is my config Modsecurity
ModSecurity - v3.0.12-33-g625f9a53 for Linux Mandatory dependencies + libInjection ....v3.9.2-46-gbfba51f + SecLang tests ....a3d4405 Optional dependencies + GeoIP/MaxMind ....found * (MaxMind) v1.5.2 -lmaxminddb , -DWITH_MAXMIND + LibCURL ....found v7.76.1 -lcurl, -DWITH_CURL_SSLVERSION_TLSv1_2 -DWITH_CURL + YAJL ....found v2.1.0 -lyajl , -DWITH_YAJL + LMDB ....disabled + LibXML2 ....found v2.9.13 -lxml2 , -I/usr/include/libxml2 -DWITH_LIBXML2 + SSDEEP ....found -lfuzzy -L/usr/lib64/, -DWITH_SSDEEP -I/usr/include + LUA ....found v504 -llua-5.4 -L/usr/lib64/, -DWITH_LUA -DWITH_LUA_5_4 -I/usr/include + PCRE2 ....disabled Other Options + Test Utilities ....enabled + SecDebugLog ....enabled + afl fuzzer ....disabled + library examples ....enabled + Building parser ....disabled + Treating pm operations as critical section ....disabled
Log Nginx :
nginx: [emerg] "modsecurity_rules_file" directive Rules error. File: . Line: 1. Column: 0. Failed to load script: Lua support was not enabled.
My Rule :
SecRuleScript /opt/test.lua "id: 100, pass"
please help me
The text was updated successfully, but these errors were encountered:
If u just want to test lua script with crs rule, u can try leveryd/modsecurity:CVE-2024-1019 image, edit /tmp/debug.lua and test it.
leveryd/modsecurity:CVE-2024-1019
/tmp/debug.lua
~ # docker run -ti -p 80:80 -e ERRORLOG=/tmp/nginx_error.log -e MODSEC_DEBUG_LOG=/tmp/debug.log -e MODSEC_DEBUG_LOGLEVEL=9 -e MODSEC_AUDIT_LOG=/tmp/audit.log -e BACKEND=http://10.56.58.13:8888 leveryd/modsecurity:CVE-2024-1019
see https://github.com/leveryd/crs-dev
Sorry, something went wrong.
Hi @duongtuankiet,
I'm really sorry for late reply, I completely forgot this issue - sorry.
are you sure you installed ModSecurity with Lua?
What was your configure options? (If you still have your source tree, you can find that in config.log file, on the top.)
configure
config.log
> * LUA ....found v504 > -llua-5.4 -L/usr/lib64/, -DWITH_LUA -DWITH_LUA_5_4 -I/usr/include
this means autotools finds the Lua libraries.
If you want to use Lua support, you must pass explicitly the argument to configure script:
./configure ... ... --with-lua ...
Without that you will get this result.
No branches or pull requests
I have installed Lua 5.4, Nginx 1.20.1, Modsecurity V3 and this is my config Modsecurity
Log Nginx :
My Rule :
please help me
The text was updated successfully, but these errors were encountered: