Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

EA4 and Mod Security

Discussion in 'EasyApache' started by rpvw, Oct 7, 2016.

Tags:
  1. rpvw

    rpvw Well-Known Member

    Joined:
    Jul 18, 2013
    Messages:
    722
    Likes Received:
    245
    Trophy Points:
    93
    Location:
    Spain
    cPanel Access Level:
    Root Administrator
    Sorry if I missed something about this - I have spent the morning checking mod-security (I can hear you groan from here !!) and it appears to be working in that:

    * I can trigger mod sec events, and they are correctly logged in the Apache error log and in the mod sec audit log
    * Triggered mod sec events seem to be correctly redirecting or denying access
    * LFD is reading the logs and correctly banning persistent offenders.


    What isn't working is the actual display of Home » Security Center »ModSecurity™ Tools » Hits List
    The last entry is just before I converted to EA4, and is reflected as the last entry in the database 'modsec', table' hits'
    I am guessing the Hits List display gathers it's data from the modsec database, but it would seem that the data isn't being written to the database any longer.

    * I do not run mod ruid or mpm itk in the EA4 config
    * Everything is completely up-to-date

    Have I missed something ?
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  2. rpvw

    rpvw Well-Known Member

    Joined:
    Jul 18, 2013
    Messages:
    722
    Likes Received:
    245
    Trophy Points:
    93
    Location:
    Spain
    cPanel Access Level:
    Root Administrator
    Hmmmmmm .....how is it you all knew if you left me long enough I'd make it work ?

    The only worry is - I don't know why it started working.

    After doing absolutely everything I could think of to no avail, I resorted to a server reboot. Now there was nothing to indicate that a server reboot would achieve anything, everything seemed to be working except the mod sec display in WHM, I restarted every daemon I could, and cPanel itself, and the /usr/bin/needs-restarting script returned nothing but, nevertheless, the ModSecurity™ Tools » Hits List started working after the reboot.

    I really object, on principle, to having to resort to reboots to solve problems, I got rid of winblows on all my servers and desktops some 15 years ago, and I feel somewhat betrayed by having to resort to a reboot to fix anything.

    Nevertheless - it DID fix the issue (mutter, mutter, grumble) - so I guess the moral of this story is:
    "When all else fails - reboot and hope for the best" :eek:

    Now I have to go and worry why I needed to resort to a reboot and couldn't find the solution the penguin way :( (need emoji for 'I need a large scotch')
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    16,309
    Likes Received:
    393
    Trophy Points:
    583
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    I like it. I'll see what can be done. :rolleyes:

    Without knowing the exact chain of events you went thru, hard to say what was happening but a server reboot was absolutely not needed imo. It did restart all services though, including Apache.

    Happy to hear you got it going. It's Friday, cheers! Martini_Emoji.png
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  4. rpvw

    rpvw Well-Known Member

    Joined:
    Jul 18, 2013
    Messages:
    722
    Likes Received:
    245
    Trophy Points:
    93
    Location:
    Spain
    cPanel Access Level:
    Root Administrator
    The Martini defiantly helped :-D

    That was what was so strange, prior to the reboot I had restarted every service I could; first using the WHM interface restart services, and then using the restartsrv_* scripts (and a couple that needed init.d calls) and nothing I found worked.

    I am sure I missed something - I just don't know what (hence the requirement for large amounts of alcohol :cool: )

    The important thing to take away from all of this is still that the conversion to EA4 worked beautifully and that the developers should all award themselves a pay rise o_O
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    cPanelMichael likes this.
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice