We have added mod_sec rules in the past using whm > modsecurity tools > add rule with no issues.
We tried using CMC but that just corrupted everything, httpd wouldn't start, errors everywhere, so we deleted the rule from modsec2.user.conf and were able to start httpd.
We want to add the following, but got an error when trying to publish:
rule
Code:
# Block POST requests by bots accessing wpad
# Whitelist file too just in case.
SecRule REQUEST_URI "wpad" "chain,id:1704,log,t:normalisePath,deny,status:403,msg:'Bot detected - Access denied'"
SecRule REQUEST_METHOD "POST" "chain"
SecRule REMOTE_ADDR "[email protected] /etc/csf/csf.ignore" "chain"
error after trying to publish rule
Code:
Error: The system could not deploy the configuration file “modsec/modsec2.user.conf”. Review the WHM error_log file for more details about the error.
/usr/local/apache/logs/error_log
Code:
AH00526: Syntax error on line 614 of /etc/apache2/conf.d/modsec_vendor_configs/OWASP3/crs-setup.conf:
ModSecurity: Disruptive actions can only be specified by chain starter rules.
Can't seem to find anything that explains this anywhere. We're obviously missing something.
specs:
whm/cpanel v.70.0.12
Apache/2.4.29 (cPanel) OpenSSL/1.0.2n mod_bwlimited/1.4
EasyApache 4
OWASP ModSecurity Core Rule Set V3.0
This happens on all cPanel servers we have, btw.
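ModSecurity 2.x raises the error quoted above when a rule that is not the first in its chain carries a disruptive action, and a rule file whose last rule still has `chain` makes the next rule Apache loads part of that chain. A pre-publish check for both conditions, as an added example that is not part of the original post; the sample rules, ids, address and the `next-loaded.conf` name are constructed.

```python
import re
import shlex

# Disruptive actions in ModSecurity 2.x; inside a chain only the starter may carry one.
DISRUPTIVE = {"allow", "block", "deny", "drop", "pass", "proxy", "redirect"}

def directives(text):
    """Yield (line_no, tokens) per SecRule/SecAction, joining backslash continuations."""
    buf, start = "", 0
    for no, line in enumerate(text.splitlines(), 1):
        start = start if buf else no
        buf += line.rstrip()
        if buf.endswith("\\"):
            buf = buf[:-1] + " "
            continue
        stripped, buf = buf.strip(), ""
        if stripped.startswith(("SecRule ", "SecAction ")):
            yield start, shlex.split(stripped)

def action_names(tokens):
    """Names in the directive's action list; quoted values such as msg text are dropped."""
    if tokens[0] == "SecRule" and len(tokens) < 4:
        return set()  # SecRule with no action list of its own
    actions = re.sub(r"'[^']*'", "", tokens[-1])
    return {a.split(":", 1)[0].strip() for a in actions.split(",") if a.strip()}

def lint(files):
    """files: (name, text) pairs in Apache load order. Returns a list of findings."""
    findings, open_chain = [], None  # open_chain: (file, line) of a rule awaiting a link
    for name, text in files:
        last = None
        for no, tokens in directives(text):
            names = action_names(tokens)
            if open_chain and names & DISRUPTIVE:
                findings.append(f"{name}:{no}: disruptive action in chained rule "
                                f"(chain open since {open_chain[0]}:{open_chain[1]})")
            open_chain, last = ((name, no) if "chain" in names else None), no
        if open_chain == (name, last):
            findings.append(f"{name}:{last}: last rule in file still has 'chain'")
    return findings

# Constructed sample with the same shape as the posted rule (ids and address are made up).
USER_CONF = '''SecRule REQUEST_URI "wpad" "chain,id:100001,log,deny,status:403,msg:'sample'"
SecRule REQUEST_METHOD "POST" "chain"
SecRule REMOTE_ADDR "!@ipMatch 192.0.2.10" "chain"'''
NEXT_CONF = 'SecAction "id:100002,phase:1,nolog,pass,t:none"\n'  # stands in for the next file

if __name__ == "__main__":
    print("\n".join(lint([("modsec2.user.conf", USER_CONF), ("next-loaded.conf", NEXT_CONF)])))
```

Pass the rule files in the order Apache includes them, so a chain left open at the end of one file is matched against the first rule of the next.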