我正在使用 Apache2(最新版本)在 Ubuntu 22.04 上构建服务器。当我启用 ModSecurity 时,尝试重新启动 Apache 时会收到错误消息。一旦我禁用 ModSecurity,重新启动 Apache 时错误消息就会消失,我的网站就会恢复在线。有什么建议吗?
细节:
× apache2.service - The Apache HTTP Server
Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset:>
Active: failed (Result: exit-code) since Wed 2022-11-23 13:16:04 CST; 8min a>
Docs: https://httpd.apache.org/docs/2.4/
Process: 2799 ExecStart=/usr/sbin/apachectl start (code=exited, status=1/FAIL>
CPU: 31ms
更多细节:
Subject: Unit process exited
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░
░░ An ExecStart= process belonging to unit apache2.service has exited.
░░
░░ The process' exit code is 'exited' and its exit status is 1.
Nov 23 13:16:04 m-70A4003AUX systemd[1]: apache2.service: Failed with result 'exit-code'.
░░ Subject: Unit failed
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░
░░ The unit apache2.service has entered the 'failed' state with result 'exit-code'.
Nov 23 13:16:04 m-70A4003AUX systemd[1]: Failed to start The Apache HTTP Server.
░░ Subject: A start job for unit apache2.service has failed
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░
░░ A start job for unit apache2.service has finished with a failure.
░░
░░ The job identifier is 2140 and the job result is failed.
答案1
您运行过 apachectl configtest 吗?
https://coreruleset.org/installation/
重要提示:从 CRS 3.2.2、3.3.3 及更高版本开始,由于添加了新的保护措施,需要使用 ModSecurity 2.9.6 或 3.0.8(或带有反向移植补丁的版本)。我们建议尽快升级您的 ModSecurity。如果您的 ModSecurity 太旧,您的网络服务器将拒绝启动。作为临时措施,您可以删除文件 rules/REQUEST-922-MULTIPART-ATTACK.conf。但是,您将缺少一些保护措施。