Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Problem with ModSecurity Vendors

Discussion in 'Security' started by Motamedi, Mar 13, 2019.

  1. Motamedi

    Motamedi Well-Known Member

    Joined:
    Mar 14, 2015
    Messages:
    78
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Iran , Tehran
    cPanel Access Level:
    Root Administrator
    hello

    this error show to ModSecurity when enable or delete vendor

    and show this error when add new vendor

    Code:
    
    Error: API failure: The system could not download the file “https://waf.comodo.com/doc/meta_comodo_litespeed.yaml” curl: (28) Resolving timed out after 1549399935847 milliseconds
    
    
    How to solve this problem ?!

    thanks ...
     
    #1 Motamedi, Mar 13, 2019
    Last edited by a moderator: Mar 13, 2019
  2. cPanelLauren

    cPanelLauren Forums Analyst II Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    5,815
    Likes Received:
    443
    Trophy Points:
    233
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Hello @Motamedi

    It would seem you have the 3rd party comodo WAF ruleset installed on the server which is ultimately causing issues. I'd suggest removing the 3rd party plugin and then trying to rebuild + restart apache.

    In other instances we've seen the litespeed/comodo related entries in the following being removed as resolving the issue as well:
    Code:
    /etc/apache2/conf.d/modsec/modsec2.cpanel.conf 
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. Motamedi

    Motamedi Well-Known Member

    Joined:
    Mar 14, 2015
    Messages:
    78
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Iran , Tehran
    cPanel Access Level:
    Root Administrator
    @cpanellauren thanks for answer

    Please give me detailed and complete training
    What should I do to solve my problem?
    Tell me all the commands you need

    thanks
     
  4. cPanelLauren

    cPanelLauren Forums Analyst II Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    5,815
    Likes Received:
    443
    Trophy Points:
    233
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Hello @Motamedi

    First I would attempt to disable/remove the plugin while the issue is occurring:

    Log in to WHM>>Security Center>>ModSecurity Vendors and disable or delete the Comodo Vender there.

    Then let us know if the issue persists.


    Thanks!
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. Motamedi

    Motamedi Well-Known Member

    Joined:
    Mar 14, 2015
    Messages:
    78
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Iran , Tehran
    cPanel Access Level:
    Root Administrator
    i'm deleted Comodo vender , but i can not add again

    this error show when add vendor

    How to solve the problem
    Can i add again?

    thanks
     
  6. cPanelLauren

    cPanelLauren Forums Analyst II Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    5,815
    Likes Received:
    443
    Trophy Points:
    233
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Hello,

    First I'd ensure that you can restart apache successfully.

    Secondly, the error you're getting would suggest a connection issue with Comodo WAF and until that is resolved you won't be able to utilize their ruleset. To troubleshoot that you'd need to contact them directly.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  7. Infopro

    Infopro cPanel Sr. Product Evangelist Staff Member

    Joined:
    May 20, 2003
    Messages:
    16,829
    Likes Received:
    476
    Trophy Points:
    583
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  8. Motamedi

    Motamedi Well-Known Member

    Joined:
    Mar 14, 2015
    Messages:
    78
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Iran , Tehran
    cPanel Access Level:
    Root Administrator
    Unfortunately, after a few days, my problem was not resolved
    I entered this command in SSH and show this error


    Code:
    
    -bash-4.2# /usr/local/cpanel/scripts/modsec_vendor add https://waf.comodo.com/doc/meta_comodo_litespeed.yaml
    warn [modsec_vendor] The system could not add the vendor: The system could not validate the new Apache configuration because httpd exited with a nonzero value. Apache produced the following error: httpd_ls_bak: Syntax error on line 259 of /etc/apache2/conf/httpd.conf: Syntax error on line 32 of /etc/apache2/conf.d/modsec2.conf: Syntax error on line 32 of /etc/apache2/conf.d/modsec/modsec2.cpanel.conf: Could not open configuration file /etc/apache2/conf.d/modsec_vendor_configs/comodo_litespeed/05_Global_Exceptions.conf: No such file or directory
    
    
    info [modsec_vendor] Restored modsec_cpanel_conf_datastore backup
    warn [modsec_vendor] The system could not uninstall the vendor: The system could not validate the new Apache configuration because httpd exited with a nonzero value. Apache produced the following error: httpd_ls_bak: Syntax error on line 259 of /etc/apache2/conf/httpd.conf: Syntax error on line 32 of /etc/apache2/conf.d/modsec2.conf: Syntax error on line 27 of /etc/apache2/conf.d/modsec/modsec2.cpanel.conf: Could not open configuration file /etc/apache2/conf.d/modsec_vendor_configs/configserver/00_configserver.conf: No such file or directory
    
    
    warn [modsec_vendor] The system failed to add the vendor from the URL “Free ModSecurity Rules from Comodo: The system could not validate the new Apache configuration because httpd exited with a nonzero value. Apache produced the following error: httpd_ls_bak: Syntax error on line 259 of /etc/apache2/conf/httpd.conf: Syntax error on line 32 of /etc/apache2/conf.d/modsec2.conf: Syntax error on line 32 of /etc/apache2/conf.d/modsec/modsec2.cpanel.conf: Could not open configuration file /etc/apache2/conf.d/modsec_vendor_configs/comodo_litespeed/05_Global_Exceptions.conf: No such file or directory
    
    -bash-4.2#
    
    
    
    How to solve the problem?

    thanks
     
    #8 Motamedi, Mar 19, 2019
    Last edited by a moderator: Mar 19, 2019
  9. Infopro

    Infopro cPanel Sr. Product Evangelist Staff Member

    Joined:
    May 20, 2003
    Messages:
    16,829
    Likes Received:
    476
    Trophy Points:
    583
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Are these docs of any use to you?
    litespeedtech.com/support/wiki/doku.php/litespeed_wiki:waf:comodo
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  10. fuzzylogic

    fuzzylogic Well-Known Member

    Joined:
    Nov 8, 2014
    Messages:
    119
    Likes Received:
    68
    Trophy Points:
    28
    cPanel Access Level:
    Root Administrator
    Reading the warnings you got when you tried to add the vendor meta_comodo_litespeed.yaml
    It appears you have two vendor rulesets partially deleted.

    It seems the first issue happened with cxs rule where the .conf file was deleted but the Include to it was not deleted.
    Secondary to this a litespeed .conf was deleted but the Include to it was not.

    When you add/remove modec vendor or enable/disable a modsec ruleset apache's
    /etc/apache2/conf/httpd.conf
    is rebuilt using the newly edited modsec files.
    In your case this rebuild process failing because of the Includes to missing files in
    /etc/apache2/conf.d/modsec/modsec2.cpanel.conf

    To test the rebuild process run the command (do it now so you can compare the output later)...
    /scripts/rebuildhttpdconf
    It should produce errors similar to the ones you posted earlier.

    Now you need to edit
    /etc/apache2/conf.d/modsec/modsec2.cpanel.conf
    If you do not know how to open, edit and save files on the command line then the ConfigServer ModSecurity Control plugin can provide a gui to edit this file.
    You need to remove all lines in that file which have an Include to a .conf file.
    Then save the file.
    This should fix the missing file errors and allow httpd.conf to rebuild.
    Run
    /scripts/rebuildhttpdconf
    to see if you now have success.
    If you have success I would now restart apache...
    /usr/local/cpanel/scripts/restartsrv_httpd

    If you have success with restarting Apache, move on to the WHM » Security Center »ModSecurity™ Vendors » Manage Vendors interface.
    Delete the vendor ConfigServer
    Delete the vendor Comodo

    If success move on to add
    https://waf.comodo.com/doc/meta_comodo_litespeed.yaml
    using the WHM interface or with the ssh command you ran in the other post.

    Go to CXS interface and enable modsecurity integration to restore its functionality.
    Go back to WHM » Security Center »ModSecurity™ Vendors » Manage Vendors interface to ensure CXS rule is installed and enabled.
     
    netluxe and Infopro like this.
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice