I have multiple virtual hosts with Modsecurity enabled. I want to assign multiple OWASP rules (from the base_rules folder) like SQL injection to multiple virtual hosts. I have included them in my virtual host files, but I get the following message when I reload apache:
ModSecurity: Found another rule with the same id Action '-t' failed.
The Apache error log may have more information.
How can I include these base rules in multiple virtual hosts without changing the id for each rule? The server is meant to proxy to a lot of virtual hosts, so changing the ID for each rule and each host would be a lot of work to do manually.
Including the rules at VHOST level did the trick.
The config which causes the error:
IncludeOptional folder_to_rules/modsecurity_crs_41_xss_attacks.conf
<VirtualHost *:80>
ServerName example.com
SecRuleEngine On
</VirtualHost>
Solution:
<VirtualHost *:80>
ServerName example.com
SecRuleEngine On
IncludeOptional folder_to_rules/modsecurity_crs_41_xss_attacks.conf
</VirtualHost>