How to include same modsecurity rules in multiple virtual hosts without changing the id for each rule and each host?

Question

I have multiple virtual hosts with Modsecurity enabled. I want to assign multiple OWASP rules (from the base_rules folder) like SQL injection to multiple virtual hosts. I have included them in my virtual host files, but I get the following message when I reload apache:

ModSecurity: Found another rule with the same id Action '-t' failed. 

The Apache error log may have more information.

How can I include these base rules in multiple virtual hosts without changing the id for each rule? The server is meant to proxy to a lot of virtual hosts, so changing the ID for each rule and each host would be a lot of work to do manually.

Answer 1

Including the rules at VHOST level did the trick.
The config which causes the error:

IncludeOptional folder_to_rules/modsecurity_crs_41_xss_attacks.conf
<VirtualHost *:80>
    ServerName example.com
    SecRuleEngine On

</VirtualHost>

Solution:

<VirtualHost *:80>
    ServerName example.com
    SecRuleEngine On
    IncludeOptional folder_to_rules/modsecurity_crs_41_xss_attacks.conf
</VirtualHost>

Answer 2

Include them at the server level and not the vhost level.

If you don't need them for certain vhosts then you can write ModSecurity rules to exclude some or all of the rules based on the incoming host header.