Modsec_vendor update failed [/scripts/modsec_vendor update failed]

[email protected]

Well-Known Member
Aug 3, 2016
59
5
8
Everywhere
cPanel Access Level
Root Administrator
Hello,
The last 3 days an error began with auto update of Modecurity rules.

Notification
Code:
[/usr/local/cpanel/scripts/modsec_vendor] The system failed to update the vendor from the URL “https://waf.comodo.com/doc/meta_comodo_litespeed.yaml”: The vendor metadata does not contain an entry for your version of ModSecurity, “2.9.3”. The only versions of ModSecurity this rule set supports are “”.
E    [/usr/local/cpanel/scripts/modsec_vendor] The “/usr/local/cpanel/scripts/modsec_vendor update --auto” command (process 1229) reported error number 1 when it ended.
It's a cPanel bug with the version of ModSecurity or something else?
Any idea?
Thank you.
 

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
4,883
606
273
cPanel Access Level
Root Administrator
Hey there! There should be a few lines before and after that entry that may give us more details. Specifically, I'd be interested to see if there is something like "The system could not restore the original configuration" listed in the log file. Can you see if there are more details? If you need to manually search for the log it would be located in /var/cpanel/updatelogs.
 

fuzzylogic

Well-Known Member
Nov 8, 2014
153
93
78
cPanel Access Level
Root Administrator
@[email protected],
During the 3 days you had problems the uri...
waf.comodo.com/doc/meta_comodo_litespeed.yaml
and
waf.comodo.com/doc/meta_comodo_apache.yaml
have been redirecting to...
waf.comodo.com/user
This caused the issue you were seeing.
cPanel's yaml parser must not have a relevant error message for when the response is an html file.

The 2 .yaml files are now publicly accessible again, so this issue show be resolved if you try to update the rules again.

My guess is that Comodo's site introduced an over-achieving catch-all .htaccess or apache conf redirect and did not notice the issue for a few days.
waf.comodo.com/sumfink
redirects to...
waf.comodo.com/user
 
  • Like
Reactions: [email protected]