ModSecurity 2 - Invalid command SecRuleEngine, perhaps mis-spelled or

defined by a module not included in the server configuration'

categories:

If you try to install modsecurity2 on Apache without reading the docs, you may get this message :

“Invalid command ‘SecRuleEngine’, perhaps mis-spelled or defined by a module not included in the server configuration”

This is not a bug ! Just a RTFM alert ! :)

You should thoroughly follow the following procedure (as described here ) to get modsecurity running :

ModSecurity installation consists of the following steps:

  1. ModSecurity 2.x works with Apache 2.0.x or better.
  2. Make sure you have mod_unique_id installed.
  3. (Optional) Install the latest version of libxml2, if it isn’t already installed on the server.
  4. Unpack the ModSecurity archive
  5. Edit Makefile to configure the path to Apache (for example: top_dir = /usr/local/apache2).
  6. (Optional) Edit Makefile to enable ModSecurity to use libxml2 (uncomment line DEFS = -DWITH_LIBXML2) and configure the include path (for example: INCLUDES=-I/usr/include/libxml2)
  7. Compile with make
  8. Stop Apache
  9. Install with make install 10. (Optional) Add one line to your configuration to load libxml2: LoadFile /usr/lib/libxml2.so 11. Add one line to your configuration to load ModSecurity: LoadModule security2_module modules/mod_security2.so
  10. Configure ModSecurity
  11. Start Apache
  12. You now have ModSecurity 2.x up and running.

In bold, the two lines you may forget to add into your configuration when installing from RPM.



Thanks for reading this post!


Did you find an issue in this article?

- click on the following Github link
- log into Github with your account
- click on the line number containing the error
- click on the "..." button
- choose "Reference in new issue"
- add a title and your comment
- click "Submit new issue"

Your feedback is much appreciated! πŸ€œπŸΌπŸ€›πŸΌ

You can also drop me a line below!