mod_security completely messed up beyond repair

T

The German

Registered
Nov 23, 2016
3
4
53
USA
cPanel Access Level
Website Owner
Suddenly (I assume due to to cpanel automatic update), the complete mod_security configuration is gone and almost all related files are missing.

  1. When trying to save the configuration (Home »Security Center »ModSecurity™ Configuration »Configure Global Directives)
    I get the message here:
    Error: The system could not save your ModSecurity™ settings because of the following error: The system could not save some of the settings.

  2. The vendor management is corrupted as well (Home »Security Center »ModSecurity™ Vendors »Manage Vendors)https://secure.managed-hosts.com:2087/cpsess2386655824/scripts2/manage_mod_security_vendors/vendors
    It shows OWASP "This vendor is not installed", when clicking on the "install" button, the only thing that happens is an error message:

    Error: The system experienced the following error when it attempted to install the “OWASP ModSecurity Core Rule Set” vendor: API failure: The system could not validate the new Apache configuration because httpd exited with a nonzero value. Apache produced the following error: httpd: Syntax error on line 219 of /etc/apache2/conf/httpd.conf: Syntax error on line 32mo of /etc/apache2/conf.d/modsec2.conf: Could not open configuration file /etc/apache2/conf.d/modsec/modsec2.user.conf: No such file or directory

    Line 219 in httpd.conf:
    Include "/etc/apache2/conf.d/*.conf"

    Line 32 in modec2.conf:
    Include /etc/apache2/conf.d/modsec/modsec2.cpanel.conf

  3. File /etc/apache2/conf.d/modsec/modsec2.user.conf exists but has a zero byte size
This is beyond frustrating - everything was working (including cxs!) and now EVERYTHING has been erased and Cpanel is unable to even fix the problem. What a mess...

Any thoughts?
 
N

Nathaniel Evans

Registered
Jan 10, 2017
1
0
76
nj
cPanel Access Level
Root Administrator
Hi. I have the same problem. I recently upgraded to Easy Apache 4 and now I get this--
Error:The system experienced the following error when it attempted to install the “OWASP ModSecurity Core Rule Set” vendor: API failure: The system could not validate the new Apache configuration because httpd exited with a nonzero value. Apache produced the following error: httpd: Syntax error on line 223 of /etc/apache2/conf/httpd.conf: Syntax error on line 32 of /etc/apache2/conf.d/modsec2.conf: Syntax error on line 28 of /etc/apache2/conf.d/modsec/modsec2.cpanel.conf: Could not open configuration file /etc/apache2/conf.d/modsec_vendor_configs/configserver/00_configserver.conf: No such file or directory

Please help. What am I doing wrong?
 
cPanelMichael

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,883
2,256
463
Hello @Nathaniel Evans,

To update, it looks like this issue was addressed via a support ticket with the following commands:

Code: 
# mkdir /etc/apache2/conf.d/modsec_vendor_configs/configserver
# touch /etc/apache2/conf.d/modsec_vendor_configs/configserver/00_configserver.conf
Thank you.
 
You must log in or register to reply here.
Thread starter Similar threads Forum Replies Date
G Performance of mod_security2, mod_unique_id, and modsec2-rules-owasp-crs Web Servers and Applications 2
dzamanakos php, mod_security, ea4 and litespeed Web Servers and Applications 4
O Disabling several mod_security rules due to 403 response to POST request? Web Servers and Applications 6
S Error 500 when browser refreshed - is mod_security the cause? Web Servers and Applications 13
G HTTPD conflict with mod_security? Web Servers and Applications 2
Similar threads
Performance of mod_security2, mod_unique_id, and modsec2-rules-owasp-crs
php, mod_security, ea4 and litespeed
Disabling several mod_security rules due to 403 response to POST request?
Error 500 when browser refreshed - is mod_security the cause?
HTTPD conflict with mod_security?
Top Bottom