When I work with Centos 7 on the Linux Academy server, I have no problem implementing the ModSecurity rules, and it works right out of the box. However I am also working with opensuse Leap 15 on my own computer. and I have encountered a few difficulties when creating the file modsecurity_includes.conf. When running nginx -t , I had three errors coming from the following requests:
As soon as I commented them , nginx worked fine and I was able to simulate successfully a cross-site scripting attack on blog.example.com, as shown in the lecture.
When disabling temporarily Selinux, I have also the same errors.
My working hypothesis is that there is some code in these files incompatible with the configuration of Leap 15. Indeed, when looking which distros are compatible with modsecurity, opensuse Leap 15 is not one of them.