- Server operating system version
- Ubuntu 20.04.5 LTS
- Plesk version and microupdate number
- 18.0.49 #2
Hello,
How to upgrade ModSecurity 3.0 (nginx) to 3.0.8 safely ?
I use ModSecurity 3.0 + OWASP, and in the documentation of OWASP, a notice is mentioned:
From CRS 3.2.2, 3.3.3 and up, ModSecurity 2.9.6 or 3.0.8 (or versions with backported patches) are required due to the addition of new protections. We recommend upgrading your ModSecurity as soon as possible. If your ModSecurity is too old, your webserver will refuse to start with an Unknown variable: &MULTIPART_PART_HEADERS error. If you are in trouble, you can temporarily delete file rules/REQUEST-922-MULTIPART-ATTACK.conf as a workaround and get your server up, however, you will be missing some protections. Therefore we recommend to upgrade ModSecurity before deploying this release.
How to upgrade ModSecurity 3.0 (nginx) to 3.0.8 safely ?
I use ModSecurity 3.0 + OWASP, and in the documentation of OWASP, a notice is mentioned:
From CRS 3.2.2, 3.3.3 and up, ModSecurity 2.9.6 or 3.0.8 (or versions with backported patches) are required due to the addition of new protections. We recommend upgrading your ModSecurity as soon as possible. If your ModSecurity is too old, your webserver will refuse to start with an Unknown variable: &MULTIPART_PART_HEADERS error. If you are in trouble, you can temporarily delete file rules/REQUEST-922-MULTIPART-ATTACK.conf as a workaround and get your server up, however, you will be missing some protections. Therefore we recommend to upgrade ModSecurity before deploying this release.