No fixed rule id "981050"

[muxcc]

Server version: Apache/2.4.10 (Debian)
Architecture: 64-bit
Server MPM: prefork

libapache2-mod-security2 (2.8.0-3)
modsecurity-crs (2.2.9-1)

/crs/modsecurity_crs_11_proxy_abuse.conf

If the fix in /etc/apache2/sites-enabled/site.conf

    <IfModule security2_module>
        SecRuleRemoveById  981050
    </IfModule>

The condition does not work and an error in site_error_log:

ModSecurity: Access denied with code 500 (phase 1). Match of "streq %{tx.geo_x-forwarded-for}" against "GEO:COUNTRY_CODE" required. [file "/etc/modsecurity'/crs/modsecurity_crs_11_proxy_abuse.conf"] [line "25"] [id "981050"] [rev "2.2.9"] [msg "Potential Open Proxy Abuse - GeoIP Country Code Mismatch of X-Forwarded-For Request Header and Client REMOTE_ADDR"]

The error in the logs is not lost.

[csanders-git]

This is likely due to the fact that SecRuleRemoveById needs to be included AFTER the rule is declared. If it is written before it attempts to remove a non-existant rule ID. Sorry for the delay.

[csanders-git]

Questions like this can be answered more quickly via the mailing list in the future sorry for the delay.

[muxcc]

Yes, you are right, you need to set the boot order of the configuration files.
Thank you!

[csanders-git]

no problem :)