# ModSecurity not functioning ?

## Anquietas

Hello,

I have a Gentoo Server with a few server applications on it.

I have reinstalled ModSecurity but it seems that is not working.

ModSecurity and ModSecurity-CRS are already installed:

```

[ebuild   R    ] www-apache/mod_security-2.6.3  USE="-curl -geoip -lua" 0 kB

[ebuild   R    ] www-apache/modsecurity-crs-2.2.3  0 kB

```

SECURITY is Loaded in Apache:

```

APACHE2_OPTS="-D DEFAULT_VHOST -D INFO -D LANGUAGE -D MANUAL -D SSL -D SECURITY -D SSL_DEFAULT_VHOST -D PHP5"

```

My Configuration Listing in /etc/apache2/modules.d/

```

infosky ~ # ls /etc/apache2/modules.d/

00_apache_manual.conf     00_languages.conf      00_mod_log_config.conf  00_mod_userdir.conf    40_mod_ssl.conf   70_mod_php5.conf

00_default_settings.conf  00_mod_autoindex.conf  00_mod_mime.conf        00_mpm.conf            45_mod_dav.conf   79_modsecurity.conf

00_error_documents.conf   00_mod_info.conf       00_mod_status.conf      10_mod_mem_cache.conf  46_mod_ldap.conf  80_modsecurity-crs.conf

```

79_modsecurity.conf:

```

<IfDefine SECURITY>

LoadModule security2_module modules/mod_security2.so

# Enable looking up geolocation data from MaxMind's GeoIP database

#SecGeoLookupDb /usr/share/GeoIP/GeoIP.dat

#SecDataDir /var/cache/modsecurity

</IfDefine>

# -*- apache -*-

# vim: ts=4 filetype=apache

```

80_modsecurity-crs.conf:

http://pastebin.com/ZAh2TJRt

Logs (they have 0 bytes, so they are empty):

```

infosky ~ # ls -l /var/log/apache2/ |grep modsec

-rw-r----- 1 apache apache        0 Apr  9 00:02 modsec_audit.log

-rw-r----- 1 apache apache        0 Apr  9 00:02 modsec_debug.log

```

I also tried a website on my server with (index.php?aaa=/bin/bash) to test the functionality.

Nothing worked.

Please advice !

----------

## skunk

 *Anquietas wrote:*   

> 80_modsecurity-crs.conf:

 

switch on SecRuleEngine and set SecAuditLog

----------

## Anquietas

I've activated those and restarted Apache.

However, it is still not working...

----------

## skunk

 *Anquietas wrote:*   

> I also tried a website on my server with (index.php?aaa=/bin/bash) to test the functionality.
> 
> Nothing worked.

 

that request doesn't trigger mod_security, try with "/onClick="

what does your apache logs say after restart?

----------

## Anquietas

Yea, it seems to work, however it logs in the main apache error_log (/var/log/apache2/error_log), not in the modsec_audit.log or modsec_debug.log, those remain with 0 bytes...

And I declared those lines in the configuration...

```
infosky ~ # cat /etc/apache2/modules.d/80_modsecurity-crs.conf |grep modsec

SecAuditLog /var/log/apache2/modsec_audit.log

SecDebugLog /var/log/apache2/modsec_debug.log
```

----------

