Error while loading OWASP CRS on Nginx

[cattlemantech]

Hi, Please help resolve the below issue. the setup works fine with Basic test rule created using Nginx pdf. but it fails when include rules files in conf.

I am using Nginx 1.13.9 on Centos 7 with ModSecurity version is 3.0.0

please let me know if you need anymore details.

the error comes when i restart my Nginx server.
ginx: [emerg] "modsecurity_rules_file" directive Rules error. File: /usr/local/owasp-modsecurity-crs-3.0.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf. Line: 157. Column: 390. Expecting a variable, got: : MULTIPART_SEMICOLON_MISSING},\ in /etc/nginx/nginx.conf:

below is our config under /etc/nginx/modsec/main.conf:

From https://github.com/SpiderLa...\

modsecurity.conf-recommended

Edit to set SecRuleEngine On

Include "/etc/nginx/modsec/modsecurity.conf"

Basic test rule

SecRule ARGS:testparam "@contains test" "id:1234,deny,status:403"

OWASP CRS v3 rules

Include /usr/local/owasp-modsecurity-crs-3.0.0/crs-setup.conf
Include /usr/local/owasp-modsecurity-crs-3.0.0/rules/*.confx

[victorhora]

@cattlemantech this is a known issue and there's already fix in the 3.1 dev branch: https://github.com/SpiderLabs/owasp-modsecurity-crs/tree/v3.1/dev

[victorhora]

Closing this one as already handled at #1021, #1023 and #995