ModSecurity Rules update, many errors as a result.

[jols]

I just now updated to mod_security 2.7, and then when I tried to upgrade the rule-set some of the rules, most notably the main rule set: 10_asl_rules.conf produced so many errors that I had to disable it. The two errors that I am seeing the most include:

"Can only be specified by chain starter rules."
"Disruptive actions can only be specified by chain starter rules."

I upgraded so that the server would be more secure, but now I can not use the main set of modsec rules, so what can I do to get 10_asl_rules.conf going again?

 

[Infopro]

Did you update your rules to the latest as well? If not, you should.

ModSecurity Changes in EasyApache 3.16 - cPanel Forums

More from a quick search of these forums:
EasyApache ModSecurity error - cPanel Forums
easyapache is breaking 3rd party modsec rules (atomicorp/gotroot) - cPanel Forums

 

[jols]

Yes. I updated the rules and still have many errors. I've made out a support ticket to cpanel.net about this, still no response.

 

[quietFinn]

Yes. I updated the rules and still have many errors.

where did you get the rules?

 

[quizknows]

10_asl_rules.conf is part of the atomicorp rules.

It is possible your file is corrupted, or you have the 2.5.x ruleset with a 2.7.x install of modsec. If you are hosted at a managed service provider their staff should be able to fix this for you. That rule set is not provided by or managed by cPanel.

Try replacing the applicable files with the updated ones:

http://updates.atomicorp.com/channels/rules/delayed/modsec-2.7-free-latest.tar.gz