Symptoms
- The following ModSecurity error message appears in the Application log of the Event Viewer:
  The description for Event ID 1 from source ModSecurity cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.
  If the event originated on another computer, the display information had to be saved with the event.
  The following information was included with the event:
  SecReadStateLimit is depricated, use SecConnReadStateLimit instead.
- OWASP (free) is being used under Tools & Settings > Web Application Firewall (ModSecurity).
- Experimental rule-set (owasp_crs\experimental_rules) is enabled in the ModSecurity configuration file C:\Program Files\ModSecurity IIS\modsecurity_iis.conf.
Cause
Tools & Settings > Web Application Firewall (ModSecurity) shows that ModSecurity 2.8 or higher is installed.
The directive SecReadStateLimit has been deprecated starting with ModSecurity version 2.8.0.
Resolution
This error message can be safely ignored, as it has no impact on ModSecurity operability.
Workaround
- Connect to the server via RDP.
- Remove the following line in C:\Program Files\ModSecurity IIS\modsecurity_iis.conf:
  Include owasp_crs\experimental_rules
- Go to Tools & Settings > Web Application Firewall (ModSecurity).
- Under Web application firewall mode, select Off and click Apply.
- Select On again under Web application firewall mode and click OK to apply the changes.
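
The file edit from the workaround can also be done from an elevated PowerShell session on the server. The script below is an added example, not part of the original article or of the product. It assumes the configuration path named above and that the rule files live under the same directory, and it comments the Include line out instead of deleting it so the change is easy to revert.

```powershell
# Added example. The path is the one named in the article; adjust it if
# ModSecurity is installed elsewhere.
$ConfPath = 'C:\Program Files\ModSecurity IIS\modsecurity_iis.conf'
$ConfDir  = Split-Path -Parent $ConfPath
# Matches active (uncommented) Include lines for the experimental rule set.
$Pattern  = '^\s*Include\s+.*experimental_rules'

# 1. Show which config or rule files still use the deprecated directive
#    (assumption: they sit in or below the ModSecurity IIS directory).
Get-ChildItem -Path $ConfDir -Recurse -Filter *.conf |
    Select-String -Pattern '^\s*SecReadStateLimit\b' |
    Select-Object Path, LineNumber, Line

# 2. Read the main config once and look for the experimental rule-set Include.
$lines = @(Get-Content -LiteralPath $ConfPath)
$hits  = @($lines | Where-Object { $_ -match $Pattern })

if ($hits.Count -eq 0) {
    Write-Output 'No active experimental_rules Include found; nothing to change.'
} else {
    # 3. Keep a timestamped backup next to the original before editing.
    $backup = '{0}.{1}.bak' -f $ConfPath, (Get-Date -Format 'yyyyMMddHHmmss')
    Copy-Item -LiteralPath $ConfPath -Destination $backup

    # 4. Comment the line out; ModSecurity treats lines starting with # as comments.
    $lines |
        ForEach-Object { if ($_ -match $Pattern) { "# $_" } else { $_ } } |
        Set-Content -LiteralPath $ConfPath

    Write-Output "Disabled $($hits.Count) Include line(s); backup saved to $backup"
}
```

After the script runs, the Off/On toggle under Web application firewall mode is still needed to apply the change.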