mod_security problems

**gal3ler** · 11-08-2005 02:23 AM

It appears after something has been written to the audit_log when running
10.8.1-R21 when you click on mod_security in WHM it shows up with the header
saying mod_security and the page blank.

http://bugzilla.cpanel.net/show_bug.cgi?id=3486

**bamasbest** · 11-08-2005 09:13 AM

Funny, no blank page for me 10.8.1-S23

Is your mysql database "modsec" being updated hoursly by the modsec cron job?

**paint** · 12-04-2005 02:44 PM

Make sure you have this in your httpd.conf

SecAuditEngine On
SecAuditLog logs/audit_log

This fixed the problem for me.

**paint** · 12-04-2005 04:00 PM

Also once you do that, you need to make a slight change.
pico /etc/cron.hourly/modsecparse.pl
go to the $dbpassword= line and get your password. Then,

pico /usr/local/cpanel/whostmgr/docroot/cgi/addon_modsec.cgi
and make sure that the password for $dbpassword=" matches. If not, change it and save the file. Then it should show up fine for you.

**myusername** · 12-04-2005 06:25 PM

Not that the edit button works in Internet Explorer anyways if you do get it to show up you need to use FireFox

**kapOcha** · 04-10-2006 07:06 AM

Originally Posted by paint

Also once you do that, you need to make a slight change.
pico /etc/cron.hourly/modsecparse.pl
go to the $dbpassword= line and get your password. Then,

pico /usr/local/cpanel/whostmgr/docroot/cgi/addon_modsec.cgi
and make sure that the password for $dbpassword=" matches. If not, change it and save the file. Then it should show up fine for you.

Great! It worked for me.
bye

**stugster** · 10-31-2007 12:19 PM

Sorry to exhume such an old thread, but since upgrading to mySQL 5, I have been having this issue with the hourly cron too.

----------

/etc/cron.hourly/modsecparse.pl:

DBI connect('modsec:localhost','modsec',...) failed: Access denied for user 'modsec'@'localhost' (using password: YES) at /etc/cron.hourly/modsecparse.pl line 19 Unable to connect to mysql database at /etc/cron.hourly/modsecparse.pl line 19.

----------

Also, on top of this error, a few clients are complaining that Horde is now giving the error:

"A fatal error has occured, could not connect to database for sql sessionhandler".

mySQL however appears to be working and querying the database through PHP or directly is working fine.

**HostIt** · 12-19-2007 01:49 AM

We're now experiencing the same problem here, across multiple servers. Every hour:

Code:

/etc/cron.hourly/modsecparse.pl:

DBI connect('modsec:localhost','modsec',...) failed: Access denied for user 'modsec'@'localhost' (using password: YES) at /etc/cron.hourly/modsecparse.pl line 19
Unable to connect to mysql database at /etc/cron.hourly/modsecparse.pl line 19.

I've checked the two passwords as per the previous post by "paint" and they do appear to match in all cases. Also, as per paint's other post, the following lines are already included in httpd.conf by default via /usr/local/apache/conf/modsec.conf

Code:

SecAuditEngine RelevantOnly
SecAuditLog logs/audit_log

Any chance somebody might have found a fix for this?

**rsutc** · 01-09-2008 12:18 PM

Following an upgrade to MySQL 5, I also have the same problem. I have checked the passwords match per the above and all is OK. I have looked at the template for modsec and find it contains
<IfModule mod_security.c>
SecFilterEngine On
SecFilterCheckURLEncoding On
SecFilterForceByteRange 0 255
SecAuditEngine RelevantOnly
SecAuditLog logs/audit_log
SecFilterDebugLog logs/modsec_debug_log
SecFilterDebugLevel 0
SecFilterDefaultAction "deny,log,status:406"
SecFilterSelective REMOTE_ADDR "^127.0.0.1$" nolog,allow
Include "/usr/local/apache/conf/modsec.user.conf"
</IfModule>

However, this material is NOT in the usr/local/apache/confhttp.conf file

One possible way to proceed would be to use whm/plugins/Mod Security and turn it off then on again. However, that choice produces only a blank screen

What has to be done?

**rsutc** · 01-10-2008 08:36 AM

Maybe I could ask the question this way. What are the (paths to) scripts that shut down mod security and restart it?

Rick

**jsnape** · 05-20-2008 01:51 AM

Originally Posted by rsutc

Following an upgrade to MySQL 5, I also have the same problem. I have checked the passwords match per the above and all is OK. I have looked at the template for modsec and find it contains
<IfModule mod_security.c>
SecFilterEngine On
SecFilterCheckURLEncoding On
SecFilterForceByteRange 0 255
SecAuditEngine RelevantOnly
SecAuditLog logs/audit_log
SecFilterDebugLog logs/modsec_debug_log
SecFilterDebugLevel 0
SecFilterDefaultAction "deny,log,status:406"
SecFilterSelective REMOTE_ADDR "^127.0.0.1$" nolog,allow
Include "/usr/local/apache/conf/modsec.user.conf"
</IfModule>

However, this material is NOT in the usr/local/apache/confhttp.conf file

One possible way to proceed would be to use whm/plugins/Mod Security and turn it off then on again. However, that choice produces only a blank screen

What has to be done?

For anyone reading this post - the same thing happened to me. Upgraded to Apache 2.2, and mod security was producing a blank screen.

I fixed it by emptying the *huge* (1.9GB) modsec table in mysql and recompiled apache.

**wolfy** · 05-21-2008 10:07 AM

fyi. whm/plugins/Mod Security is now obsoliete.
instalation of mod_security is now handled by easyapache3

**FeeL** · 07-13-2009 01:54 PM

I had the same error told by stugster.
Should I disable the whm/plugins/Mod Security ?
Whould it prevent the error of the cron?

Thank you.

LinkBack

Thread Tools

mod_security problems

Upgrading mysql

Mod_Security to go from 2.1 to 2.5

Mod_security

Anybody using mod_security 2.x yet ?

mod_security ???