Hi, On Fri, Jul 04, 2025 at 07:11:52PM +0000, Lloyd wrote: > I gave this some fresh thought and I now suspect the root cause lies within > the modsecurity-crs package, which ironically is not mentioned anywhere in > the error messages. This may provide some important missing context. > > Once modsecurity was disabled and I was successfully able to reinstall all > the packages, I had to remove the following two offending lines from > /usr/share/modsecurity-crs/owasp-crs.load before nginx would start: > > IncludeOptional > /etc/modsecurity/crs/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf > > IncludeOptional > /etc/modsecurity/crs/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf > > I now suspect this issue may have cascaded and caused the error messages > which blocked the package upgrades.
this is a very important information. After the first mail with this issue I thought the bug appears because of the OS upgrade. And yes, now I'm sure the reason is that - but not because of the connector. The problem is that libmodsecurity3 (the WAF library that Nginx uses via libngnx-mod-http-modsecurity module) does not support `IncludeOptional` directive. If someone install the package first, this issue comes always. Now you upgraded the system, and you upgraded modsecurity-crs package too - which overrided your `Include` directive (I guess). I think we should replace the mentioned `IncludeOptional` directive with the `Include`. a.
