Author Topic: OWASP_CRS 4.27.0 keeps reverting to 3.3.2 after one day?  (Read 106 times)

0 Members and 1 Guest are viewing this topic.

Offline
*
OWASP_CRS 4.27.0 keeps reverting to 3.3.2 after one day?
« on: June 26, 2026, 07:22:42 AM »
Hello everyone,

After I install/upgrade ModSecurity to the latest OWASP_CRS/4.27.0 version, it stops working the next day. When I check it, one of the files has somehow reverted to OWASP_CRS/3.3.2 again.

Does CWP run some kind of automatic task that causes this, or how does this happen?

Fortunately, I had a backup and restored it and then locked the entire folder along with all its files. Hopefully that will stop it from happening again.

For any ideas or suggestions, I'd really appreciate them. :)

Offline
*****
Re: OWASP_CRS 4.27.0 keeps reverting to 3.3.2 after one day?
« Reply #1 on: June 26, 2026, 11:55:03 AM »
Are you running ModSecurity 2.9.13? It should be the latest in the 2.9.x series to be compatible with CWP:
https://starburst.help/control-web-panel-cwp/modsecurity-running-with-control-web-panel/update-modsecurity-to-2-9-13-running-cwp-and-apache-on-almalinux-8-9/

Offline
*****
Re: OWASP_CRS 4.27.0 keeps reverting to 3.3.2 after one day?
« Reply #2 on: June 26, 2026, 10:50:54 PM »
Odd.

CWP doesn't run ModSecurity 3 (Mostly was a test for Nginx) and/or the 3.x ruleset it loads.

If anything CWP would load a really old 2.x ruleset.

Offline
*
Re: OWASP_CRS 4.27.0 keeps reverting to 3.3.2 after one day?
« Reply #3 on: June 27, 2026, 09:42:38 AM »
Thanks for the input, guys! I'm actually on version 2.9.1. Since it kept reverting, I ended up just locking the whole directory down using chattr -R +i so nothing can overwrite or modify the files anymore. It's been running perfectly ever since! :)

Offline
*****
Re: OWASP_CRS 4.27.0 keeps reverting to 3.3.2 after one day?
« Reply #4 on: June 27, 2026, 02:24:03 PM »
You should update to 2.9.13, there have been past CVE's on older versions.

Offline
*
Re: OWASP_CRS 4.27.0 keeps reverting to 3.3.2 after one day?
« Reply #5 on: June 27, 2026, 08:36:47 PM »
Thanks for the tip! I checked it again, and it looks like I'm actually already running version 2.9.13. In that case, I should be in pretty good shape. 🙂
Of course, it's sometimes annoying when a few functions in the admin dashboard stop working because of the rules, but I simply exclude those specific rule IDs for certain paths only, to keep the exceptions as narrow as possible. 🙂