The rules-updater-jws3.pl script included in JWS 3.0.0 does not work

Solution Verified - Updated -

Environment

  • Red Hat JBoss Web Server 3.0.0

Issue

  • When I try to run the rules-updater-jws3.pl script included in JBoss Web Server 3.0.0, it does not work and does not download the OWASP ModSecurity Common Rule Set (CRS).
  • After updating the package mod_security-jws3 to the newest version mod_security-jws3-2.8.0-6.GA.ep7.el6, /usr/bin/rules-updater-jws3.pl has been set deprecated. How do we configure mod_security rule sets now, as there's no further documentation?
  • How to configure secrules for mod_security in JWS3?

Resolution

rules-updater-jws3.pl was deprecated in upstream mod_security and is no longer functional. rules-updater-jws3.pl was removed in JWS 3.0.1 and will not be included in future releases.

If you would like to use the OWASP ModSecurity Core Rule Set, please see this page for the download and installation instructions.

Root Cause

# ./rules-updater-jws3.pl  -rhttp://www.modsecurity.org/autoupdate/repository/ -prules -Fmodsecurity-crs
Could not load GnuPG module - cannot verify ruleset signatures
Fetching: modsecurity-crs/modsecurity-crs_2.2.5.zip ...
Failed to retrieve ruleset modsecurity-crs/modsecurity-crs_2.2.5.zip: 404 Not Found

404 is due to repository being shutdown.

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.

Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.