What does "ModSecurity-apache is unstable" mean, exactly?

[ghost]

trafficstars

I have written a guide on how to install ModSecurity-apache from source for Ubuntu 20.04 here.

When attempting to Include crs-setup.conf and the coreruleset/rules directory I receive a startup error in regards to SecDefaultAction.

AH00526: Syntax error on line 106 of /etc/apache2/conf-available/crs-setup.conf: Invalid command 'SecDefaultAction', perhaps misspelled or defined by a module not included in the server configuration

I am sure this is a matter of figuring out how to include these files in ModSecurity v3.0.4.

I suppose this is a multi-issue.

Please understand I am not a programmer by any means; I am learning.

The reason I made this issue is because I am curious of this: What does "ModSecurity-apache is unstable" mean, exactly?

[zimmerle]

Hi @DrewPlots,

Thank you for aggregate that installation information.

The include manner was changed, now the user can include files using what is described here - https://github.com/SpiderLabs/ModSecurity-apache#usage

The reason why this project was not yet released is because it is still missing code. It does not work as expected, yet.

I think there is an issue within the link that you have provided for the wiki document.

[ghost]

Thank you for the response.

You are welcome. I was happy to write it up; it's the least I could do, really.

Because the apache connector is missing code means either I must wait for the project to gain traction, learn to program, or utilize the ongoing development by using an nginx connector.

All the modsecurity-related include declarations work for modsecurity. However, none of the modsecurity or the coreruleset (the <IfModule security(3)_module>)installation directions are functional for importing the crs-setup.conf and rules files.

Now, I do not know which part of what files are missing code, but perhaps this is the start of the instability.

Thank you for your time, @zimmerle.