The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Apache PCI compliant settings cause services to stop

Discussion in 'General Discussion' started by bulewold, Feb 3, 2015.

  1. bulewold

    bulewold Member

    Joined:
    Jan 29, 2015
    Messages:
    22
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    This may be a dumb question but when I was trying to change some settings under apache configuration -> global and changed few settings to PCI recommended, following another instruction page I found to make server more secure.... after clicking submit, it stopped all my web service.

    My guess is that when I change any settings on apache, it forgets all current web server settings and I have to reset it (or way to restore?) in order for my websites to work again, right?

    Little insight on this would be helpful. Thank you.
     
  2. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,623
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    Hello bulewold,

    I've moved this to a new thread to ensure this topic has its own discussion.

    Apache does rebuild and restart during the process of changing settings in WHM's Apache Configuration >> Global Configuration area, but websites and Apache services should start after a short rebuild and restart process. Can you tail the Apache error log next time you try to do this and post the results? The error log is at /usr/local/apache/logs/error_log location, and this is the command to use to tail it:

    Code:
    tail -fn0 /usr/local/apache/logs/error_log
    Please try to load your site after the Apache configuration area shows a successful restart from the Global Configuration changes. This way we can see what is happening.

    Of note, all current settings are not forgotten on saving the Global Configuration area. Apache updates the settings you choose to update, but any settings that are not changed would remain the same. Changing the server to be PCI compliant would really only cause a possible issue if you are using CentOS 5, since it won't support the newer cipher protocols that might be needed for better security.

    Thanks!
     
  3. bulewold

    bulewold Member

    Joined:
    Jan 29, 2015
    Messages:
    22
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Yup, happened again. Everything worked fine. I did make some changes like rebuilding apache with new profile but I tested everything was working fine afterwards.

    I then followed security checklist and changed 'Server Signature' from on to off under Apache global settings to PCI recommended settings, NOTHING ELSE and I noticed all the websites are down.

    I even tried rebuildling it using profile and restarting server but did not work.
    Here's what I got from error log.

    [Sun Feb 08 22:41:06.374194 2015] [:error] [pid 1219] [client 66.249.67.83:59763] SecurityException in Application.cpp:186: Do not have root privileges. Executable not set-uid root?
    [Sun Feb 08 22:41:06.374258 2015] [core:error] [pid 1219] [client 66.249.67.83:59763] End of script output before headers: index.php
    [Sun Feb 08 22:41:06.376822 2015] [:error] [pid 1219] [client 66.249.67.83:59763] SecurityException in Application.cpp:186: Do not have root privileges. Executable not set-uid root?
    [Sun Feb 08 22:41:06.376858 2015] [core:error] [pid 1219] [client 66.249.67.83:59763] End of script output before headers: index.php

    As you mentioned, simply changing settings to PCI recommende settings shouldn't make server to crash but I'm getting 500 internal server error and nothing is working on my WP sites.
    Now, it does however load HTML only site.
     
    #3 bulewold, Feb 9, 2015
    Last edited: Feb 9, 2015
  4. bulewold

    bulewold Member

    Joined:
    Jan 29, 2015
    Messages:
    22
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Ok, this has been resolved. For whatever reason when I did it today with Godaddy on the line, it did not happen. I also noticed that Server Signature is off this time which was different. I think through system restore, it somehow got fixed.... Weird.....
     
Loading...

Share This Page