SOLVED mod_sec conficting information in logs Failed to access DBM

jeffschips

Well-Known Member
Jun 5, 2016
221
23
68
new york
cPanel Access Level
Root Administrator
Hello. I hope everyone is safe and healthy.

I've been having an issue with conflicting log information. When ruid is ON I am recieving the following conflict between two logs and despite the bad error in apache error logs users are reportin a mix of pages loading and some report pages don't load. The below snippet is from the same user accessing the same page but I get both a good load in apache logs and a failed message in error logs.

Code:
Good apache domain logs:
2600:xxxx:xxxx:xxxx:xxxx: - - [02/Oct/2021:12:55:09 -0400] "GET /images/favicon.ico HTTP/1.1" 200 1150 "https://xxxxxxx.com/menu/bla-bla-bla" "Mozilla/5.0 (Linux; Android 11; SM-G973U Build/RP1A.200720.012; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/94.0.4606.61 Mobile Safari/537.36 [FB_IAB/FB4A;FBAV/338.1.0.36.118;]"



Bad from apache error logs:
[Sat Oct 02 12:55:09.889478 2021] [:error] [pid 1582] [client 2600:xxxx:xxxx:xxxx:xxxx::xxxxx] [client 2600:xxxx:xxxx:xxxx:xxxx:] ModSecurity: collection_store: Failed to access DBM file "/var/cpanel/secdatadir/xxxxxxxxxx-default_SESSION": Permission denied [hostname "xxxxxxx.com"] [uri "/images/favicon.ico"] [unique_id "xxxxxxxxxxxx"], referer: https://nxxxxxxx.com/menu/bla-bla-bla
When I switch ruid off in apache4 the bad doesn't report errors.

Is it unsafe to run with ruid whilst still getting those bad errors?
 

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
7,519
1,028
313
cPanel Access Level
Root Administrator
Hey there! That's a common issue with ModSecurity as it doesn't work with ruid2. You're fine to switch to suexec to work around this problem, as that is our official recommendation:


Let me know if you still see issues after that change.