Modsecurity after EasyApache3 to EasyApache4 transition

smess

Registered
Apr 7, 2019
4
1
3
Toronto, Canada
cPanel Access Level
Reseller Owner
Modsecurity stopped working after the transition from EasyApache3 to EasyApache4. The old EasyApache3 setup included Mod_ruid2 and the Mod_Security plugin.

When trying to install a ModSecurity Vendor (OWASP CRS V3.0) on the "WHM/ModSecurity Vendors" page, I get the following error message:
--------------
Error: The system experienced the following error when it attempted to install the “OWASP ModSecurity Core Rule Set V3.0” vendor: API failure: The system could not validate the new Apache configuration because httpd exited with a nonzero value. Apache produced the following error: AH00526: Syntax error on line 53 of /etc/apache2/conf.d/modsec/modsec2.cpanel.conf: SecRuleRemoveById requires at least one argument, rule ID for removal
--------------
When I inspect /etc/apache2/conf.d/modsec/modsec2.cpanel.conf the file is completely empty. There is no line 53.

I have tried using EasyApache4 to uninstall and reinstall ModSecurity but that made no difference. I believe the problem may be related to files or settings left over from the old ModSecurity plug-in install under easyapache3.
 

smess

Registered
Apr 7, 2019
4
1
3
Toronto, Canada
cPanel Access Level
Reseller Owner
Thanks for the response but that did not work. I got the following error messages:

Code:
# /scripts/rebuildhttpdconf
Initial configuration generation failed with the following message:
The “/usr/sbin/httpd -DSSL -t -f /etc/apache2/conf/httpd.conf.work.d5177d3c.cfgcheck -C Include "/etc/apache2/conf.modules.d/*.conf"” command (process 20739) reported error number 1 when it ended.
httpd: Syntax error on line 253 of /etc/apache2/conf/httpd.conf.work.d5177d3c.cfgcheck: Syntax error on line 31 of /etc/apache2/conf.d/modsec2.conf: Could not open configuration file /etc/apache2/conf.d/modsec/modsec2.user.conf: No such file or directory
Rebuilding configuration without any local modifications.
Failed to generate a syntactically correct Apache configuration.
Bad configuration file located at /etc/apache2/conf/httpd.conf.work.d5177d3c
Error:
The “/usr/sbin/httpd -DSSL -t -f /etc/apache2/conf/httpd.conf.work.d5177d3c.cfgcheck -C Include "/etc/apache2/conf.modules.d/*.conf"” command (process 20740) reported error number 1 when it ended.
httpd: Syntax error on line 253 of /etc/apache2/conf/httpd.conf.work.d5177d3c.cfgcheck: Syntax error on line 31 of /etc/apache2/conf.d/modsec2.conf: Could not open configuration file /etc/apache2/conf.d/modsec/modsec2.user.conf: No such file or directory
I found another version of modsec2.cpanel.conf at /usr/local/apache.ea3/conf/modsec2.cpanel.conf. Line 53 in that file has the SecRuleRemoveById error, so I commented line 53 out but did not move the file. Still got the original "line 53" error message.

It looks like the files needed are in /usr/local/apache.ea3/conf/ but I don't know if it is safe to move them, they may be an old version. The /etc/apache2/conf.d/modsec/ directory currently only has two empty files in it: modsec2.cpanel.conf and modsec2.user.conf.
 
Last edited:

cPanelLauren

Forums Analyst II
Staff member
Nov 14, 2017
8,012
648
263
Houston
cPanel Access Level
DataCenter Provider
It's doing that because they're noted as includes elsewhere. Can you please open a ticket using the link in my signature? Also since you're not able to start apache this would be considered an emergency and I'd suggest you mark it as such so it gets immediate attention.

Once open please reply with the Ticket ID here so that we can update this thread with the resolution once the ticket is resolved.


Thanks!
 

smess

Registered
Apr 7, 2019
4
1
3
Toronto, Canada
cPanel Access Level
Reseller Owner
Apache is working and WHM/EasyApache 4 builds with the mod_security2 and mod_ruid2 options enabled without reporting any errors. Apache restarts without issue through WHM. The problem is ModSecuity is not working and I get errors when I try to change the setup to get it working.

I will open the ticket and post the ID.

Thanks.
 
  • Like
Reactions: cPanelLauren