search

owasp-modsecurity / ModSecurity

ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. It has a robust event-based programming language which provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis.
https://www.modsecurity.org
Apache License 2.0
7.67k stars 1.54k forks source link

Lua installed, but Modsecurity still dont work with it #3119

Open duongtuankiet opened 1 month ago

duongtuankiet commented 1 month ago

I have installed Lua 5.4, Nginx 1.20.1, Modsecurity V3 and this is my config Modsecurity 

ModSecurity - v3.0.12-33-g625f9a53 for Linux

 Mandatory dependencies
   + libInjection                                  ....v3.9.2-46-gbfba51f
   + SecLang tests                                 ....a3d4405

 Optional dependencies
   + GeoIP/MaxMind                                 ....found
      * (MaxMind) v1.5.2
         -lmaxminddb , -DWITH_MAXMIND
   + LibCURL                                       ....found v7.76.1
      -lcurl,  -DWITH_CURL_SSLVERSION_TLSv1_2 -DWITH_CURL
   + YAJL                                          ....found v2.1.0
      -lyajl , -DWITH_YAJL
   + LMDB                                          ....disabled
   + LibXML2                                       ....found v2.9.13
      -lxml2 , -I/usr/include/libxml2  -DWITH_LIBXML2
   + SSDEEP                                        ....found
      -lfuzzy -L/usr/lib64/, -DWITH_SSDEEP -I/usr/include
   + LUA                                           ....found v504
      -llua-5.4 -L/usr/lib64/, -DWITH_LUA -DWITH_LUA_5_4 -I/usr/include
   + PCRE2                                          ....disabled

 Other Options
   + Test Utilities                                ....enabled
   + SecDebugLog                                   ....enabled
   + afl fuzzer                                    ....disabled
   + library examples                              ....enabled
   + Building parser                               ....disabled
   + Treating pm operations as critical section    ....disabled

Log Nginx :

nginx: [emerg] "modsecurity_rules_file" directive Rules error. File: . Line: 1. Column: 0. Failed to load script: Lua support was not enabled.

My Rule :

SecRuleScript /opt/test.lua "id: 100, pass"

please help me

leveryd commented 1 week ago

If u just want to test lua script with crs rule, u can try leveryd/modsecurity:CVE-2024-1019 image, edit /tmp/debug.lua and test it.

~ # docker run -ti -p 80:80 -e ERRORLOG=/tmp/nginx_error.log -e MODSEC_DEBUG_LOG=/tmp/debug.log -e MODSEC_DEBUG_LOGLEVEL=9 -e MODSEC_AUDIT_LOG=/tmp/audit.log -e BACKEND=http://10.56.58.13:8888 leveryd/modsecurity:CVE-2024-1019

see https://github.com/leveryd/crs-dev

airween commented 1 week ago

Hi @duongtuankiet,

I'm really sorry for late reply, I completely forgot this issue - sorry.

I have installed Lua 5.4, Nginx 1.20.1, Modsecurity V3 and this is my config Modsecurity

are you sure you installed ModSecurity with Lua?

What was your configure options? (If you still have your source tree, you can find that in config.log file, on the top.)

>     * LUA                                           ....found v504
>       -llua-5.4 -L/usr/lib64/, -DWITH_LUA -DWITH_LUA_5_4 -I/usr/include

this means autotools finds the Lua libraries.

If you want to use Lua support, you must pass explicitly the argument to configure script:

./configure ... ... --with-lua ...

Without that you will get this result.