In our apache build we are using the upstream modsecurity.conf-recommended file, and we add our own override file after that one.
This causes some friction because it always requires files that are not going to be used, and also extended permissions when running on no-permission filesystems.
For example:
apache-nightly | AH00526: Syntax error on line 199 of /etc/modsecurity.d/modsecurity.conf:
apache-nightly | ModSecurity: Failed to open the audit log file: /var/log/modsec_audit.log
This doesn't make sense because it never gets to our override, which will actually point that file to the correct directory.
My proposal is to just replace it with the actual override instead, merging both files into our own file.
Makes sense to me. But maybe we should be able to detect when the recommended file changes. We could compute the hash and compare it to a known value, and abort the build when the values differ.
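As an added illustration of both points in this thread (merging the recommended file with the local override, and pinning the upstream file by hash so the build fails when it changes), the script below is example code, not part of the project. The file paths, the override content and the directive values are constructed; a real build would pass the real recommended file and a hash recorded in the repository.

```shell
#!/bin/sh
# Added example (not from the thread): pin the upstream modsecurity.conf-recommended
# by SHA-256 and merge it with a local override into one file. All paths are constructed.
set -eu

# Print the SHA-256 of a file; falls back to shasum on systems without coreutils.
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# Return 0 when FILE hashes to EXPECTED, 1 (with an explanation) otherwise.
# Meant for a Dockerfile RUN step so a changed upstream file fails the build.
verify_upstream_hash() {
  file=$1; expected=$2
  actual=$(sha256_of "$file")
  if [ "$actual" = "$expected" ]; then
    return 0
  fi
  echo "upstream $file changed: expected $expected, got $actual; re-review the merge" >&2
  return 1
}

# Write OUT = RECOMMENDED with every Sec* directive that also appears in OVERRIDE
# removed, followed by OVERRIDE itself. Matching is by directive name (first token),
# so it suits single-valued directives such as SecAuditLog, not repeated SecRule lines.
merge_override() {
  rec=$1; ovr=$2; out=$3
  awk '
    FNR == NR { if ($1 ~ /^Sec/) seen[$1] = 1; next }   # pass 1 (override): names to replace
    $1 in seen { next }                                 # pass 2 (recommended): drop them
    { print }
  ' "$ovr" "$rec" > "$out"
  printf '\n# ---- local overrides (appended by build) ----\n' >> "$out"
  cat "$ovr" >> "$out"
}

# Stand-alone demo on constructed files; the hash is computed here only so the
# demo passes, whereas a real build compares against a value pinned in the repo.
demo_dir=$(mktemp -d)
printf 'SecRuleEngine On\nSecAuditLog /var/log/modsec_audit.log\nSecAuditLogParts ABIJDEFHZ\n' \
  > "$demo_dir/modsecurity.conf-recommended"
printf 'SecAuditLog /tmp/modsec_audit.log\n' > "$demo_dir/override.conf"
verify_upstream_hash "$demo_dir/modsecurity.conf-recommended" "$(sha256_of "$demo_dir/modsecurity.conf-recommended")"
merge_override "$demo_dir/modsecurity.conf-recommended" "$demo_dir/override.conf" "$demo_dir/modsecurity.conf"
grep -n '^SecAuditLog ' "$demo_dir/modsecurity.conf"
```

In the merged output the upstream SecAuditLog line is gone and only the override's path remains, so Apache never tries to open /var/log/modsec_audit.log during startup.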