[PROBLEM] Howto install/update modsecurity2 with ispconfig3 for IDA

Discussion in 'Installation/Configuration' started by aibara, Jan 20, 2013.

  1. aibara

    aibara New Member


    I'm actually using the modsecurity from this tutorial made by Till.

    The tutorial works great :D, and i am very happy with my new implementation.

    My problem is very simple, and i know how to solve this.
    As explained on the link, there's a bug with {unique_id} variable, what i need is something like :

    In file : modsecurity_crs_10_config.conf (main modsecurity config file)
    SecDefaultAction "phase:2,log,redirect:http://blabla.com/security/hack.php?ip=%{remote_addr}&regla=%{rule.msg}&id=%{UNIQUE_ID}"

    I need UNIQUE_ID to manage a future script to ban bad requests using iptables.

    But when the redirect happens, no unique_id appears.
    The bugtracker says that its fixed in 2.7.0, so thats why i need to update.

    I have already tried a lot of tutorials, and any of them work.

    Dunno what to do now, i'm a little lost.
    I Hope someone can help me with this and first of all, thanks for helping.
  2. aibara

    aibara New Member

    Okey, i'm now running modsecurity 2 with owasp 2.7.1 Rules.

    For those who want to protect their servers against WEB attacks on a Debian Squeeze read the following Manuals.

    First (remember to change the paths in some commands, CHECK IT)

    Second, download and install (follow INSTALL file inside the .tar) the rule set from

    Third (Optional) - Bann Attackers with iptables

Share This Page