defined by a module not included in the server configuration’
If you try to install modsecurity2 on Apache without reading the docs, you may get this message :
“Invalid command ‘SecRuleEngine’, perhaps mis-spelled or defined by a module not included in the server configuration”
This is not a bug ! Just a RTFM alert ! :)
You should thoroughly follow the following procedure (as described here ) to get modsecurity running :
ModSecurity installation consists of the following steps:
- ModSecurity 2.x works with Apache 2.0.x or better.
- Make sure you have mod_unique_id installed.
- (Optional) Install the latest version of libxml2, if it isn’t already installed on the server.
- Unpack the ModSecurity archive
- Edit Makefile to configure the path to Apache (for example: top_dir = /usr/local/apache2).
- (Optional) Edit Makefile to enable ModSecurity to use libxml2 (uncomment line DEFS = -DWITH_LIBXML2) and configure the include path (for example: INCLUDES=-I/usr/include/libxml2)
- Compile with make
- Stop Apache
- Install with make install 10. (Optional) Add one line to your configuration to load libxml2: LoadFile /usr/lib/libxml2.so 11. Add one line to your configuration to load ModSecurity: LoadModule security2_module modules/mod_security2.so
- Configure ModSecurity
- Start Apache
- You now have ModSecurity 2.x up and running.
In bold, the two lines you may forget to add into your configuration when installing from RPM.