ModSecurity: collection_store: Failed to access DBM file

[esultanzada]

Hello,

I have problem with mod security, i installed whmcs when i want to edit General Setting and click on save i got the following error:

Forbidden

You don't have permission to access /***/configgeneral.php on this server.
Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.

when i check the error log this is the error log:

[Thu Jul 10 16:47:57 2014] [error] [client ***] File does not exist: /home/***/public_html/**/403.shtml, referer: http://***/configgeneral.php
[Thu Jul 10 16:47:57 2014] [error] [client ***] ModSecurity: collection_store: Failed to access DBM file "/tmp/ip": Permission denied [hostname "***"] [uri "/***/configgeneral.php"] [unique_id "U76EdbAJvvYAAG5wGKUAAAAB"]

please give me advise to fix this problem?

 

[quizknows]

First, check that /tmp is set to 1777 permissions (as it should be).

Second, look at the files in /tmp. for a collection store called "ip", there should be an ip.dir file and an ip.pag file.

Assuming you are not using mod ruid2, these collections should be owned by "nobody" (the Apache user.) If you are using mod_ruid2 you may need to make sure easyapache is up to date and re-run a build.

Most likely though, either /tmp itself, or ip.dir or ip.pag has incorrect permissions. Make sure those files are writeable by the web server.

 

[esultanzada]

First, check that /tmp is set to 1777 permissions (as it should be).

Second, look at the files in /tmp. for a collection store called "ip", there should be an ip.dir file and an ip.pag file.

Assuming you are not using mod ruid2, these collections should be owned by "nobody" (the Apache user.) If you are using mod_ruid2 you may need to make sure easyapache is up to date and re-run a build.

Most likely though, either /tmp itself, or ip.dir or ip.pag has incorrect permissions. Make sure those files are writeable by the web server.

there is no ip.dir and ip.pag file in /tmp/ip . how these thing create? what should i do?

 

[quizknows]

What are your ownership and permissions on /tmp ?

The files should be directly in /tmp, just called /tmp/ip.dir and /tmp/ip.pag

Also, make sure these are set in modsec2.user.conf or another modsec includes file:

SecUploadDir /tmp
SecTmpDir /tmp
SecDataDir /tmp
SecRequestBodyAccess On

 

[cPanelMichael]

Hello

Note that if you are not sure how to check permission values on the /tmp directory, you can use a command such as:

stat /tmp

Thank you.

 

[esultanzada]

What are your ownership and permissions on /tmp ?

The files should be directly in /tmp, just called /tmp/ip.dir and /tmp/ip.pag

Also, make sure these are set in modsec2.user.conf or another modsec includes file:

SecUploadDir /tmp
SecTmpDir /tmp
SecDataDir /tmp
SecRequestBodyAccess On

here is the result of stat /tmp:

File: `/tmp'
Size: 2412544 Blocks: 4728 IO Block: 4096 directory
Device: 700h/1792d Inode: 2 Links: 34
Access: (1777/drwxrwxrwt) Uid: ( 0/ root) Gid: ( 0/ root)
Access: 2014-07-18 10:07:18.000000000 +0430
Modify: 2014-07-18 10:08:14.000000000 +0430
Change: 2014-07-18 10:08:14.000000000 +0430

also i added the following to modsec2.user.conf

SecUploadDir /tmp
SecTmpDir /tmp
SecDataDir /tmp
SecRequestBodyAccess On

now what should i do?

- - - Updated - - -

Hello

Note that if you are not sure how to check permission values on the /tmp directory, you can use a command such as:

stat /tmp

Thank you.

Thank you Michael

 

[quizknows]

That all looks good. Are you continuing to get the error "collection_store: Failed to access DBM file "/tmp/ip"" after restarting apache?

 

[esultanzada]

That all looks good. Are you continuing to get the error "collection_store: Failed to access DBM file "/tmp/ip"" after restarting apache?

Unfortunately yes its not fix.

 

[cPanelMichael]

Feel free to open a support ticket using the link in my signature so we can take a closer look. You can post the ticket number here so we can update this thread with the outcome.

Thank you.

 

[sonicthoughts]

This is likely related to MUTEX locking and Modesc / GEOIP. Can really slow down the server.