EasyApache ModSecurity error

DJzz

Registered
Feb 10, 2013
2
0
1
cPanel Access Level
Root Administrator
Hi,

I've never had problems with EasyApache before but I updated PHP to 5.3.21 and EasyApache failed with the following error:

Syntax error on line 42 of /usr/local/apache/conf/modsec/10_asl_rules.conf:
ModSecurity: Metadata actions (id, rev, msg, tag, severity, ver, accuracy, maturity, logdata) can only be specified by chain starter rules.
I'm using GotRoot modsec-2.7-free-latest.tar.bz2 dated Feb 09 2013 12:31:54.

If I comment out

#Include /usr/local/apache/conf/modsec/10_asl_rules.conf
in modsec2.user.conf then EasyApache builds.

Has anyone experienced the same problem?

Thanks
 

DJzz

Registered
Feb 10, 2013
2
0
1
cPanel Access Level
Root Administrator
Yep thanks, that explains the problem.

Do you know if GotRoot have added rule IDs and fixed syntax errors in the realtime rules or if it's something we have to add ourselves?
 

cPanelJamyn

Social Engineer
Staff member
Jan 29, 2009
105
2
143
Mod Security has been updated a few times over the last 6 months, and they've made config value changes in 2.7.0 and 2.7.1 which broke existing rulesets. We attempt to "auto-convert" older rulesets on the fly, but as you know it's not a perfect process.

I think the changes in EasyApache 3.18.0 and 3.18.1 addressed the issue you were facing here. One of the Atomic rules was a chained rule with comments in-between the first and second part of the chain. The parser mis-understood where the chain started/stopped at that stage.