Note: please note that Liferay has renamed its Liferay Experience
Could offerings to Liferay SaaS (formerly LXC) and
Liferay PaaS (formerly LXC-SM).
Issue
- When trying to activate ModSecurity or add new rules following the official documentation, it doesn't work.
- The debug log is turned on but it doesn't print anything.
Environment
- Liferay PaaS
Resolution
- First of all, double check that you have properly configured
LCP_WEBSERVER_MODSECURITY
environment variable inwebserver/LCP.json
. - Apart from the audit log (
/var/log/modsec_audit.log
), try to turn on the debug log inmodsecurity.conf
:SecDebugLog /var/log/modsec_debug.log
SecDebugLogLevel 9
- If, despite that, nothing is printed in
modsec_audit.log
ormodsec_debug.log
that helps you troubleshoot the issue, you may see something like this in Nginx logs:2023/12/04 18:31:53 [emerg] 83#83: "modsecurity_rules_file" directive Rules error. File: /etc/nginx/modsec/modsecurity.conf. Line: 194. Column: 16. Failed to start DebugLog: Failed to open file: /opt/modsecurity/var/log/debug.log in /etc/nginx/nginx.conf:62
nginx: [emerg] "modsecurity_rules_file" directive Rules error. File: /etc/nginx/modsec/modsecurity.conf. Line: 194. Column: 16. Failed to start DebugLog: Failed to open file: /opt/modsecurity/var/log/debug.log in /etc/nginx/nginx.conf:62 - Even if this is not your case, double check your own
nginx.conf
. You may have some directives that conflict with your ModSecurity configuration, such asmodsecurity off;
.
Additional Information
- Liferay Learn: Web Application Firewall
- Nginx: ModSecurity: Logging and Debugging
Subscriber Exclusive Content
A Liferay Enterprise Subscription provides access to over 1,500 articles that include best practices, troubleshooting, and other valuable solutions. Sign in for full access.
Sign In