Comments on: How to Set Up ModSecurity with Apache on Debian/Ubuntu

By: Ravi Saive

Ravi Saive — Thu, 22 May 2025 05:20:59 +0000

In reply to Seth.

@Seth,

Hey, thanks for the heads-up!

Yeah, on Debian 12 (Bookworm), running this as-is can cause duplicate rules which will stop Apache from starting — definitely something to watch out for. About your question, these days the core ruleset usually comes bundled with the modsecurity-crs package, so you probably don’t need to install it separately anymore.

I’ll update the article soon to make this clearer and help avoid confusion for others using Debian 12.

Really appreciate you pointing this out!

By: Seth

Seth — Wed, 21 May 2025 18:49:11 +0000

Don’t run this on Debian 12 (Bookworm) It will create duplicate rules and Apache won’t start. Is the coreruleset already installed with modsecurity-crs anyways now?

By: Felipe Lima

Felipe Lima — Thu, 03 Oct 2024 19:20:05 +0000

Had a problem with duplicated rule IDs. At the point in the guide where you have to edit /etc/apache2/mods-enabled/security2.conf, make sure it contains the following lines:

IncludeOptional /etc/modsecurity/*.conf
Include /etc/modsecurity/rules/*.conf

Make sure you also comment out the last line like this, or else it will load the rules twice:

#IncludeOptional /usr/share/modsecurity-crs/*.load

By: Leonardo

Leonardo — Tue, 14 Mar 2023 13:20:10 +0000

3 hours of my day wasted. I tried to install on my old aws ec2 ubuntu 18.04.6 LTS instance and only had problems: &MULTIPART_PART_HEADERS as posted by @Gustavo and errors of multiple duplicate RULE IDs that stop Apache from running.

The problem is: There is no notice at the top of the page of which minimum version(s) of your operating system or libs is required for this to work. That would save a lot of time.

By: Gustavo

Gustavo — Sun, 11 Sep 2022 18:08:25 +0000

I have an error restarting apache2,

unknown variable &MULTIPART_PART_HEADERS
in file: /etc/modsecurity/rules/REQUEST-922-MULTIPART-ATTACK.conf