ModSecurity icon indicating copy to clipboard operation
ModSecurity copied to clipboard
verified publisher icon owasp-modsecurity

Lua installed, but Modsecurity still dont work with it

Open duongtuankiet opened this issue 1 year ago • 2 comments

I have installed Lua 5.4, Nginx 1.20.1, Modsecurity V3 and this is my config Modsecurity

ModSecurity - v3.0.12-33-g625f9a53 for Linux

 Mandatory dependencies
   + libInjection                                  ....v3.9.2-46-gbfba51f
   + SecLang tests                                 ....a3d4405

 Optional dependencies
   + GeoIP/MaxMind                                 ....found
      * (MaxMind) v1.5.2
         -lmaxminddb , -DWITH_MAXMIND
   + LibCURL                                       ....found v7.76.1
      -lcurl,  -DWITH_CURL_SSLVERSION_TLSv1_2 -DWITH_CURL
   + YAJL                                          ....found v2.1.0
      -lyajl , -DWITH_YAJL
   + LMDB                                          ....disabled
   + LibXML2                                       ....found v2.9.13
      -lxml2 , -I/usr/include/libxml2  -DWITH_LIBXML2
   + SSDEEP                                        ....found
      -lfuzzy -L/usr/lib64/, -DWITH_SSDEEP -I/usr/include
   + LUA                                           ....found v504
      -llua-5.4 -L/usr/lib64/, -DWITH_LUA -DWITH_LUA_5_4 -I/usr/include
   + PCRE2                                          ....disabled

 Other Options
   + Test Utilities                                ....enabled
   + SecDebugLog                                   ....enabled
   + afl fuzzer                                    ....disabled
   + library examples                              ....enabled
   + Building parser                               ....disabled
   + Treating pm operations as critical section    ....disabled

Log Nginx :

nginx: [emerg] "modsecurity_rules_file" directive Rules error. File: . Line: 1. Column: 0. Failed to load script: Lua support was not enabled.

My Rule :

SecRuleScript /opt/test.lua "id: 100, pass"

please help me

duongtuankiet avatar Apr 04 '24 10:04 duongtuankiet

If u just want to test lua script with crs rule, u can try leveryd/modsecurity:CVE-2024-1019 image, edit /tmp/debug.lua and test it.

~ # docker run -ti -p 80:80 -e ERRORLOG=/tmp/nginx_error.log -e MODSEC_DEBUG_LOG=/tmp/debug.log -e MODSEC_DEBUG_LOGLEVEL=9 -e MODSEC_AUDIT_LOG=/tmp/audit.log -e BACKEND=http://10.56.58.13:8888 leveryd/modsecurity:CVE-2024-1019

see https://github.com/leveryd/crs-dev

leveryd avatar May 08 '24 07:05 leveryd

Hi @duongtuankiet,

I'm really sorry for late reply, I completely forgot this issue - sorry.

I have installed Lua 5.4, Nginx 1.20.1, Modsecurity V3 and this is my config Modsecurity

are you sure you installed ModSecurity with Lua?

What was your configure options? (If you still have your source tree, you can find that in config.log file, on the top.)

>     * LUA                                           ....found v504
>       -llua-5.4 -L/usr/lib64/, -DWITH_LUA -DWITH_LUA_5_4 -I/usr/include

this means autotools finds the Lua libraries.

If you want to use Lua support, you must pass explicitly the argument to configure script:

./configure ... ... --with-lua ...

Without that you will get this result.

airween avatar May 08 '24 19:05 airween