apache apache2 vhosts mod-security2

Mod security rule breaking Apache configtest


I'm trying to add a mod security rule to implement rate limiting for a certain URI on a web application that is being served by Apache.

I'm getting the following error when trying to restart Apache:

ModSecurity: No action id present within the rule
Action 'configtest' failed.
The Apache error log may have more information

Specifically - this is what I'm trying to achieve: https://johnleach.co.uk/words/2012/05/15/rate-limiting-with-apache-and-mod-security/

It seems as though that article was written for a previous version of mod_security where the id wasn't required.

I have however altered the rule to include an id (as you can see, I've added id:1234). Therefore I'm not sure why I'm still getting the error.

<LocationMatch "^/login_check">
  SecAction initcol:ip=%{REMOTE_ADDR},pass,nolog
  SecAction "phase:5,deprecatevar:ip.somepathcounter=1/1,pass,nolog"
  SecRule IP:SOMEPATHCOUNTER "@gt 60" "phase:2,id:1234,pause:300,deny,status:509,setenv:RATELIMITED,skip:1,nolog"
  SecAction "phase:2,pass,setvar:ip.somepathcounter=+1,nolog"
  Header always set Retry-After "10" env=RATELIMITED
</LocationMatch>

Not really sure how to debug this. Any input welcomed.


Solution

  • SecAction directives also require an id: https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual-%28v2.x%29#id

    Note: The id action is required for all SecRule/SecAction directives as of v2.7.0

    Add a unique id to your SecAction lines too and it should work.
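
An added example, not part of the original question or answer: a small Python check that reports which SecRule/SecAction lines in a config lack an id, run over the block from the question and over the same block with ids added. The helper name `check_ids` and the ids 1231-1233 are assumptions made for illustration; the check also goes slightly beyond the answer by flagging reused ids and by skipping the inner rules of a chain, which take their id from the chain's first rule.

```python
import re
import shlex

# Position of the action list in each directive that must carry an id (v2.7.0+).
ACTIONS_ARG = {"SecRule": 3, "SecAction": 1}
ID_RE = re.compile(r"(?:^|,)\s*id:'?(\d+)'?\s*(?=,|$)")
CHAIN_RE = re.compile(r"(?:^|,)\s*chain\s*(?=,|$)")

def check_ids(conf):
    """Return (line_no, directive, problem) for each rule with a missing or reused id."""
    problems, seen, in_chain = [], set(), False
    pending, start = "", 0
    for no, raw in enumerate(conf.splitlines(), 1):
        start = start if pending else no     # report the first line of a continued rule
        line = pending + raw.strip()
        if line.endswith("\\"):              # Apache line continuation
            pending = line[:-1] + " "
            continue
        pending = ""
        args = shlex.split(line) if line and not line.startswith("#") else []
        if not args or args[0] not in ACTIONS_ARG:
            continue
        actions = ",".join(args[ACTIONS_ARG[args[0]]:])   # "" when there is no action list
        chained, in_chain = in_chain, bool(CHAIN_RE.search(actions))
        if chained:                          # inner rules of a chain use the starter's id
            continue
        m = ID_RE.search(actions)
        if not m:
            problems.append((start, args[0], "no id"))
        elif m.group(1) in seen:
            problems.append((start, args[0], "duplicate id " + m.group(1)))
        else:
            seen.add(m.group(1))
    return problems

# The <LocationMatch> block from the question, unchanged.
QUESTION_CONF = r'''<LocationMatch "^/login_check">
  SecAction initcol:ip=%{REMOTE_ADDR},pass,nolog
  SecAction "phase:5,deprecatevar:ip.somepathcounter=1/1,pass,nolog"
  SecRule IP:SOMEPATHCOUNTER "@gt 60" "phase:2,id:1234,pause:300,deny,status:509,setenv:RATELIMITED,skip:1,nolog"
  SecAction "phase:2,pass,setvar:ip.somepathcounter=+1,nolog"
  Header always set Retry-After "10" env=RATELIMITED
</LocationMatch>'''
FIXED_CONF = (QUESTION_CONF                  # constructed ids 1231-1233 added
    .replace("SecAction initcol", "SecAction id:1231,initcol")
    .replace('"phase:5,', '"id:1232,phase:5,')
    .replace('SecAction "phase:2,', 'SecAction "id:1233,phase:2,'))

if __name__ == "__main__":
    print(check_ids(QUESTION_CONF), check_ids(FIXED_CONF))
```

On the question's block this reports lines 2, 3 and 5, the three SecAction lines; Apache's own configtest remains the authoritative check once the ids are in place.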