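Background: adding ModSecurity to nginx in an ARM environment produced an error. After looking into it, the cause turned out to be a version problem:
this build of ModSecurity was not compiled with GeoIP support.
Error message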
"modsecurity_rules_file" directive Rules error.
File: /modsecurity/rules/REQUEST-910-IP-REPUTATION.conf. Line: 73. Column: 22.
This version of ModSecurity was not compiled with GeoIP or MaxMind support. in /usr/local/nginx/conf/nginx.conf:21
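Being short on time, I have only found a temporary workaround so far.
Workaround
- Find the file in your installation; the error message usually includes its path.
  For security reasons I masked part of the path in the output shown here.
- Once you have found the file, open it, find the rule with id 910100, and comment it out: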
#SecRule TX:HIGH_RISK_COUNTRY_CODES "!@rx ^$" \
# "id:910100,\
# phase:2,\
# block,\
# t:none,\
# msg:'Client IP is from a HIGH Risk Country Location.',\
# logdata:'%{MATCHED_VAR}',\
# tag:'application-multi',\
# tag:'language-multi',\
# tag:'platform-multi',\
# tag:'attack-reputation-ip',\
# tag:'paranoia-level/1',\
# severity:'CRITICAL',\
# chain"
# SecRule TX:REAL_IP "@geoLookup" \
# "chain"
# SecRule GEO:COUNTRY_CODE "@within %{tx.high_risk_country_codes}" \
# "setvar:'tx.anomaly_score_pl1=+%{tx.critical_anomaly_score}',\
# setvar:'ip.reput_block_flag=1',\
# setvar:'ip.reput_block_reason=%{rule.msg}',\
# expirevar:'ip.reput_block_flag=%{tx.reput_block_duration}'"
Remember: this workaround disables the GeoIP functionality!
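The manual edit above can be scripted. This is an added example, not code from the original post: it comments out the rule with a given id together with every rule chained to it, so no orphaned chained rule (such as the `@geoLookup` one) stays active. The function name `comment_out_rule` and the rules 999001/999002 in the sample are assumptions made up for illustration.

```python
import re

CHAIN_RE = re.compile(r'[",\s]chain\s*[",]')

def comment_out_rule(conf_text, rule_id):
    """Prefix the SecRule carrying rule_id, and every rule chained to it,
    with '#'. All other lines are returned unchanged."""
    id_re = re.compile(r"\bid:\s*'?%s'?(?!\d)" % rule_id)
    lines = conf_text.splitlines()
    out, i, in_chain = [], 0, False
    while i < len(lines):
        # Blank lines and existing comments pass through unchanged.
        if not lines[i].strip() or lines[i].lstrip().startswith("#"):
            out.append(lines[i])
            i += 1
            continue
        # One logical directive = lines joined by trailing backslashes.
        j = i
        while lines[j].rstrip().endswith("\\") and j + 1 < len(lines):
            j += 1
        block = lines[i:j + 1]
        joined = " ".join(l.rstrip().rstrip("\\") for l in block)
        # Blank out quoted values so a msg containing "chain" cannot match.
        actions = re.sub(r"'[^']*'", "''", joined)
        hit = in_chain or bool(id_re.search(joined))
        out.extend(("#" + l for l in block) if hit else block)
        # A chained rule is meaningless without its starter: follow the chain.
        in_chain = hit and bool(CHAIN_RE.search(actions))
        i = j + 1
    return "\n".join(out) + ("\n" if conf_text.endswith("\n") else "")

# Constructed excerpt: rule 910100 shortened from the post; 999001/999002 are made up.
SAMPLE = r'''SecRule REQUEST_URI "@streq /constructed-before" \
    "id:999001,phase:1,pass,nolog"

SecRule TX:HIGH_RISK_COUNTRY_CODES "!@rx ^$" \
    "id:910100,\
    phase:2,\
    block,\
    msg:'Client IP is from a HIGH Risk Country Location.',\
    chain"
    SecRule TX:REAL_IP "@geoLookup" \
        "chain"
        SecRule GEO:COUNTRY_CODE "@within %{tx.high_risk_country_codes}" \
            "setvar:'ip.reput_block_flag=1'"

SecRule REQUEST_URI "@streq /constructed-after" \
    "id:999002,phase:1,pass,nolog"
'''

if __name__ == "__main__":
    print(comment_out_rule(SAMPLE, 910100))
```

Keep a backup of the original rules file before writing the result back, and run `nginx -t` afterwards to confirm the configuration now parses.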