[Owasp-modsecurity-core-rule-set] OWASP CRS Version 3.0 RC1 Rules 930100, 930110

Gary Tam gary.tam at ges.com.hk
Mon Aug 29 06:23:49 UTC 2016


Dear Bill,

 

Thanks for your reply and information.  I have just downloaded the dasebase
- GeoLiteCity.dat from http://dev.maxmind.com/geoip/legacy/geolite/ and
updated in the config file (i.e. modsecurity_crs_61_ip_forensics.conf).  But
it now shows another Syntax error as below:  

 

Syntax error in config file C:\/Program Files/ModSecurity
IIS/owasp_crs/experimental_rules/modsecurity_crs_61_ip_forensics.conf, line
34: SecGeoLookupDB takes one argument, database for geographical lookups
module.

 

line 34 of modsecurity_crs_61_ip_forensics.conf

SecGeoLookupDb C:\Program Files\ModSecurity
IIS\owasp_crs\base_rules\GeoLiteCity.dat

 

 

Would you please help again?  Many thanks! 

 

 

Best Regards,

 

Gary Tam

 

From: owasp-modsecurity-core-rule-set-bounces at lists.owasp.org
[mailto:owasp-modsecurity-core-rule-set-bounces at lists.owasp.org] On Behalf
Of Bill Miller
Sent: 29 August 2016 12:33
To: owasp-modsecurity-core-rule-set at lists.owasp.org
Subject: Re: [Owasp-modsecurity-core-rule-set] OWASP CRS Version 3.0 RC1
Rules 930100, 930110

 

You can download the database from here 
https://dev.maxmind.com/geoip/legacy/geolite/

On 08/28/2016 11:20 PM, Gary Tam wrote:

Dear Genius,

 

 

I am a beginner in Owasp-modsecurity.  I have just done the modsecurity
installation on my windows server (i.e. Windows 2008 with IIS 7.5).  It is
observed that there is a windows event log error when enabled the
"experimental_rules" as below: 

 

Syntax error in config file C:\/Program Files/ModSecurity
IIS/owasp_crs/experimental_rules/modsecurity_crs_61_ip_forensics.conf, line
34: Could not open geo database
"/usr/local/apache/conf/modsec_current/base_rules/GeoLiteCity.dat": The
system cannot find the path specified. 

 

Of coz I know it is needed to emend the file path from linux to windows
syntax, but i could not find the GeoLiteCity.dat in my windows server.
Would you guys help to check and advise? 

 

Many thanks! 

 

Best Regards,

 

Gary Tam

 

 

 






_______________________________________________
Owasp-modsecurity-core-rule-set mailing list
Owasp-modsecurity-core-rule-set at lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-modsecurity-core-rule-set/attachments/20160829/d8b16f0f/attachment-0001.html>


More information about the Owasp-modsecurity-core-rule-set mailing list