Unable to activate ModSecurity

Issue

  • ModSecurity does not activate, or new rules do not take effect, even when following the official documentation.
  • The debug log is turned on, but nothing is written to it.

Environment

  • Liferay PaaS

Resolution

  • First of all, double-check that you have properly configured the LCP_WEBSERVER_MODSECURITY environment variable in webserver/LCP.json.
  • In addition to checking the audit log (/var/log/modsec_audit.log), turn on the debug log in modsecurity.conf:
    SecDebugLog /var/log/modsec_debug.log
    SecDebugLogLevel 9
  • If, despite that, nothing useful for troubleshooting is printed in modsec_audit.log or modsec_debug.log, check the Nginx logs. You may see something like the following, where the rules file fails to load because the debug log file cannot be opened:
    2023/12/04 18:31:53 [emerg] 83#83: "modsecurity_rules_file" directive Rules error. File: /etc/nginx/modsec/modsecurity.conf. Line: 194. Column: 16. Failed to start DebugLog: Failed to open file: /opt/modsecurity/var/log/debug.log in /etc/nginx/nginx.conf:62
    nginx: [emerg] "modsecurity_rules_file" directive Rules error. File: /etc/nginx/modsec/modsecurity.conf. Line: 194. Column: 16. Failed to start DebugLog: Failed to open file: /opt/modsecurity/var/log/debug.log in /etc/nginx/nginx.conf:62
  • Even if this is not your case, double-check your own nginx.conf. It may contain directives that conflict with your ModSecurity configuration, such as modsecurity off;.
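
The last two checks can be scripted. The following is an added example, not part of the original article or of Liferay's tooling: the function names and the nginx.conf fragment are constructed for illustration, and the log lines are the ones quoted above.

```shell
#!/bin/sh
# Added example: triage helpers for the Nginx-side checks described above.
# Function names are hypothetical; feed them your real log and nginx.conf.

# Nginx log lines as quoted in the article.
SAMPLE_NGINX_LOG='2023/12/04 18:31:53 [emerg] 83#83: "modsecurity_rules_file" directive Rules error. File: /etc/nginx/modsec/modsecurity.conf. Line: 194. Column: 16. Failed to start DebugLog: Failed to open file: /opt/modsecurity/var/log/debug.log in /etc/nginx/nginx.conf:62
nginx: [emerg] "modsecurity_rules_file" directive Rules error. File: /etc/nginx/modsec/modsecurity.conf. Line: 194. Column: 16. Failed to start DebugLog: Failed to open file: /opt/modsecurity/var/log/debug.log in /etc/nginx/nginx.conf:62'

# Constructed nginx.conf fragment (not from the article).
SAMPLE_NGINX_CONF='http {
    # modsecurity off;
    modsecurity on;
    modsecurity_rules_file /etc/nginx/modsec/modsecurity.conf;
    server {
        location /health { modsecurity off; }
    }
}'

# Reads Nginx log text on stdin. For each [emerg] rule-load failure, prints
# "rules-file:line:column -> reason", de-duplicated (Nginx logs it twice).
modsec_rules_errors() {
  sed -n 's/.*\[emerg\].*"modsecurity_rules_file" directive Rules error\. File: \([^ ]*\)\. Line: \([0-9]*\)\. Column: \([0-9]*\)\. \(.*\) in [^ ]*:[0-9]*$/\1:\2:\3 -> \4/p' |
    sort -u
}

# Reads an nginx.conf on stdin. Prints "lineno:text" for every active
# "modsecurity off;" directive; text after a "#" comment marker is ignored.
# Exit status is 0 when at least one such directive is found, 1 otherwise.
modsec_off_directives() {
  grep -nE '^([^#]*[[:space:]{;])?modsecurity[[:space:]]+off[[:space:]]*;'
}

echo "Rule-load failures:"
printf '%s\n' "$SAMPLE_NGINX_LOG" | modsec_rules_errors
echo "Active 'modsecurity off;' directives:"
printf '%s\n' "$SAMPLE_NGINX_CONF" | modsec_off_directives
```

The first function reports where in modsecurity.conf loading stopped and why; the second lists every place where the WAF is explicitly disabled, including inside individual location blocks.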
