Modsecurity and OWASP issue

Hey all,

I tried getting Modsec and OWASP going today using this tutorial

The block on phpinfo.php works, just the rules don't. I have renamed the crs-setup.conf and the before and after rule files and used the example of the direct path. I have been doing some tests that should be blocked, and it seems it does not recognize the owasp rules. I am somewhat familiar with Modsec/OWASP, have been using it on Nginx and compiling the modules for it myself, never had a single issue it is pretty straightforward on Nginx though the performance on it is dreadful (slow).

I am using the current release, 3.3.2, released on 30th of June 2021, not sure if that has something to do with it, and the modsec modules exist in the correct folders. I cannot find much more information.

Any advice on what I should check?

Thanks all.
Last edited:
Hmmm just re-reading the openlitespeed tutorial, they linked to a very old OWASP rule set hosted on Modsecurity, am I right to believe you need to run these old rules? My logs aren't telling me anything this is a bit confusing.

Can you run current updated rules?

Thanks in advance.