install WAF rules

0

Dears,

 

i am using KEMP free LB and i have uploaded the OWASP rules into WAF settings, but when applying the WAF rules i get the following error

 

 ModSecurity: Access denied with code 500 (phase 1). Operator EQ matched 0 at TX. [file "/tmp/waf/1/REQUEST-901-INITIALIZATION.conf"] [line "61"] [id "901001"] [msg "ModSecurity Core Rule Set is deployed without configuration! Please copy the crs-setup.conf.example template to crs-setup.conf, and include the crs-setup.conf file in your webserver configuration before including the CRS rules.

is there a way to include the crs-setup.conf file into WAF webserver

Thanks
Ahmad

1 comment

Avatar
0
chris.kelly

I had this issue too.  It seems that LoadMaster sorts rules uppercase before lowercase, so REQUEST and RESPONSE rules are being processed before the crs-setup.conf.  Renaming the crs-setup.conf to CRS-SETUP.conf and re-uploading will cause the rules to be processed in the correct order.

Chris