Uploaded image for project: 'JBoss Core Services'
  1. JBoss Core Services
  2. JBCS-56

RHEL: mod_security: lua scripts not supported

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Critical Critical
    • httpd 2.4.6 CR1
    • httpd 2.4.6 DR1
    • httpd
    • None
    • it is fixed in JBCS

      Hello,
      the mod_security config directive SecRuleScript is ignored on RHEL. Log output when SecRuleScript in a config file:

      Ignoring SecRuleScript "conf.d/crs/lua/profile_page_scripts.lua" directive (/opt/ews/workspace/jws-3.0/httpd/conf.d/mod_security_rules.conf:10): No Lua scripting support.

      The Solaris and Windows mod_security build have the lua support compiled.

      Log contains this information about lua compiled or not:
      RHEL:

      [Thu Aug 20 05:25:00.189078 2015] [:notice] [pid 29997] ModSecurity for Apache/2.8.0 (http://www.modsecurity.org/) configured.
[Thu Aug 20 05:25:00.189084 2015] [:notice] [pid 29997] ModSecurity: APR compiled version="1.4.8"; loaded version="1.4.8"
[Thu Aug 20 05:25:00.189087 2015] [:notice] [pid 29997] ModSecurity: PCRE compiled version="8.32 "; loaded version="8.32 2012-11-30"
[Thu Aug 20 05:25:00.189089 2015] [:notice] [pid 29997] ModSecurity: LIBXML compiled version="2.9.1"

      Solaris:

      [Thu Aug 20 04:43:32.109206 2015] [:notice] [pid 6067] ModSecurity for Apache/2.8.0 (http://www.modsecurity.org/) configured.
[Thu Aug 20 04:43:32.109250 2015] [:notice] [pid 6067] ModSecurity: APR compiled version="1.4.8"; loaded version="1.4.8"
[Thu Aug 20 04:43:32.109264 2015] [:notice] [pid 6067] ModSecurity: PCRE compiled version="8.32 "; loaded version="8.32 2012-11-30"
[Thu Aug 20 04:43:32.109274 2015] [:notice] [pid 6067] ModSecurity: LUA compiled version="Lua 5.1"
[Thu Aug 20 04:43:32.109283 2015] [:notice] [pid 6067] ModSecurity: LIBXML compiled version="2.9.1"

      Win:

      [Thu Aug 20 02:49:07.012323 2015] [:notice] [pid 324:tid 436] ModSecurity for Apache/2.8.0 (http://www.modsecurity.org/) configured.
[Thu Aug 20 02:49:07.012323 2015] [:notice] [pid 324:tid 436] ModSecurity: APR compiled version="1.4.8"; loaded version="1.4.8"
[Thu Aug 20 02:49:07.012323 2015] [:notice] [pid 324:tid 436] ModSecurity: PCRE compiled version="8.32 "; loaded version="8.32 2012-11-30"
[Thu Aug 20 02:49:07.012323 2015] [:notice] [pid 324:tid 436] ModSecurity: LUA compiled version="Lua 5.1"
[Thu Aug 20 02:49:07.012323 2015] [:notice] [pid 324:tid 436] ModSecurity: LIBXML compiled version="2.9.1"

              rhn-engineering-jclere Jean-Frederic Clere
              fgoldefu@redhat.com Filip Goldefus (Inactive)
              Filip Goldefus Filip Goldefus (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated:
                Resolved: