Lua installed, but Modsecurity still dont work with it

[duongtuankiet]

I have installed Lua 5.4, Nginx 1.20.1, Modsecurity V3 and this is my config Modsecurity

ModSecurity - v3.0.12-33-g625f9a53 for Linux

 Mandatory dependencies
   + libInjection                                  ....v3.9.2-46-gbfba51f
   + SecLang tests                                 ....a3d4405

 Optional dependencies
   + GeoIP/MaxMind                                 ....found
      * (MaxMind) v1.5.2
         -lmaxminddb , -DWITH_MAXMIND
   + LibCURL                                       ....found v7.76.1
      -lcurl,  -DWITH_CURL_SSLVERSION_TLSv1_2 -DWITH_CURL
   + YAJL                                          ....found v2.1.0
      -lyajl , -DWITH_YAJL
   + LMDB                                          ....disabled
   + LibXML2                                       ....found v2.9.13
      -lxml2 , -I/usr/include/libxml2  -DWITH_LIBXML2
   + SSDEEP                                        ....found
      -lfuzzy -L/usr/lib64/, -DWITH_SSDEEP -I/usr/include
   + LUA                                           ....found v504
      -llua-5.4 -L/usr/lib64/, -DWITH_LUA -DWITH_LUA_5_4 -I/usr/include
   + PCRE2                                          ....disabled

 Other Options
   + Test Utilities                                ....enabled
   + SecDebugLog                                   ....enabled
   + afl fuzzer                                    ....disabled
   + library examples                              ....enabled
   + Building parser                               ....disabled
   + Treating pm operations as critical section    ....disabled

Log Nginx :

nginx: [emerg] "modsecurity_rules_file" directive Rules error. File: . Line: 1. Column: 0. Failed to load script: Lua support was not enabled.

My Rule :

SecRuleScript /opt/test.lua "id: 100, pass"

please help me

[leveryd]

If u just want to test lua script with crs rule, u can try leveryd/modsecurity:CVE-2024-1019 image, edit /tmp/debug.lua and test it.

~ # docker run -ti -p 80:80 -e ERRORLOG=/tmp/nginx_error.log -e MODSEC_DEBUG_LOG=/tmp/debug.log -e MODSEC_DEBUG_LOGLEVEL=9 -e MODSEC_AUDIT_LOG=/tmp/audit.log -e BACKEND=http://10.56.58.13:8888 leveryd/modsecurity:CVE-2024-1019

see https://github.com/leveryd/crs-dev

[airween]

Hi @duongtuankiet,

I'm really sorry for late reply, I completely forgot this issue - sorry.

I have installed Lua 5.4, Nginx 1.20.1, Modsecurity V3 and this is my config Modsecurity

are you sure you installed ModSecurity with Lua?

What was your configure options? (If you still have your source tree, you can find that in config.log file, on the top.)

>     * LUA                                           ....found v504
>       -llua-5.4 -L/usr/lib64/, -DWITH_LUA -DWITH_LUA_5_4 -I/usr/include

this means autotools finds the Lua libraries.

If you want to use Lua support, you must pass explicitly the argument to configure script:

./configure ... ... --with-lua ...

Without that you will get this result.