EasyApache ModSecurity error

[DJzz]

Hi,

I've never had problems with EasyApache before but I updated PHP to 5.3.21 and EasyApache failed with the following error:

Syntax error on line 42 of /usr/local/apache/conf/modsec/10_asl_rules.conf:
ModSecurity: Metadata actions (id, rev, msg, tag, severity, ver, accuracy, maturity, logdata) can only be specified by chain starter rules.

I'm using GotRoot modsec-2.7-free-latest.tar.bz2 dated Feb 09 2013 12:31:54.

If I comment out

#Include /usr/local/apache/conf/modsec/10_asl_rules.conf

in modsec2.user.conf then EasyApache builds.

Has anyone experienced the same problem?

Thanks

 

[PlotHost]

The free GotRoot rules are delayed (60-90 days I think). I suppose something changed recently ..

 

[Infopro]

You may find this thread useful:
ModSecurity Changes in EasyApache 3.16 - cPanel Forums

 

[DJzz]

Yep thanks, that explains the problem.

Do you know if GotRoot have added rule IDs and fixed syntax errors in the realtime rules or if it's something we have to add ourselves?

 

[Infopro]

I updated EasyApache, and then updated my gotroot rules.

 

[cPanelJamyn]

Mod Security has been updated a few times over the last 6 months, and they've made config value changes in 2.7.0 and 2.7.1 which broke existing rulesets. We attempt to "auto-convert" older rulesets on the fly, but as you know it's not a perfect process.

I think the changes in EasyApache 3.18.0 and 3.18.1 addressed the issue you were facing here. One of the Atomic rules was a chained rule with comments in-between the first and second part of the chain. The parser mis-understood where the chain started/stopped at that stage.