Problem with ModSecurity Vendors

Motamedi

Well-Known Member
Mar 14, 2015
81
0
6
Iran , Tehran
cPanel Access Level
Root Administrator
hello

this error show to ModSecurity when enable or delete vendor

Error: The system experienced the following error when it attempted to remove the vendor COMODO ModSecurity LiteSpeed Rule Set: API failure: The system could not validate the new Apache configuration because httpd exited with a nonzero value. Apache produced the following error: httpd_ls_bak: Syntax error on line 259 of /etc/apache2/conf/httpd.conf: Syntax error on line 32 of /etc/apache2/conf.d/modsec2.conf: Syntax error on line 27 of /etc/apache2/conf.d/modsec/modsec2.cpanel.conf: Could not open configuration file /etc/apache2/conf.d/modsec_vendor_configs/configserver/00_configserver.conf: No such file or directory
and show this error when add new vendor

Code:
Error: API failure: The system could not download the file “https://waf.comodo.com/doc/meta_comodo_litespeed.yaml” curl: (28) Resolving timed out after 1549399935847 milliseconds
How to solve this problem ?!

thanks ...
 
Last edited by a moderator:

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,296
1,252
313
Houston
Hello @Motamedi

It would seem you have the 3rd party comodo WAF ruleset installed on the server which is ultimately causing issues. I'd suggest removing the 3rd party plugin and then trying to rebuild + restart apache.

In other instances we've seen the litespeed/comodo related entries in the following being removed as resolving the issue as well:
Code:
/etc/apache2/conf.d/modsec/modsec2.cpanel.conf
 

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,296
1,252
313
Houston
Hello @Motamedi

First I would attempt to disable/remove the plugin while the issue is occurring:

Log in to WHM>>Security Center>>ModSecurity Vendors and disable or delete the Comodo Vender there.

Then let us know if the issue persists.


Thanks!
 

Motamedi

Well-Known Member
Mar 14, 2015
81
0
6
Iran , Tehran
cPanel Access Level
Root Administrator
Hello @Motamedi

First I would attempt to disable/remove the plugin while the issue is occurring:

Log in to WHM>>Security Center>>ModSecurity Vendors and disable or delete the Comodo Vender there.

Then let us know if the issue persists.


Thanks!
i'm deleted Comodo vender , but i can not add again

this error show when add vendor

Error: API failure: The system could not download the file “Free ModSecurity Rules from Comodo: curl: (28) Resolving timed out after 1549363132798 milliseconds
How to solve the problem
Can i add again?

thanks
 

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,296
1,252
313
Houston
Hello,

First I'd ensure that you can restart apache successfully.

Secondly, the error you're getting would suggest a connection issue with Comodo WAF and until that is resolved you won't be able to utilize their ruleset. To troubleshoot that you'd need to contact them directly.
 

Motamedi

Well-Known Member
Mar 14, 2015
81
0
6
Iran , Tehran
cPanel Access Level
Root Administrator
Unfortunately, after a few days, my problem was not resolved
I entered this command in SSH and show this error


Code:
-bash-4.2# /usr/local/cpanel/scripts/modsec_vendor add https://waf.comodo.com/doc/meta_comodo_litespeed.yaml
warn [modsec_vendor] The system could not add the vendor: The system could not validate the new Apache configuration because httpd exited with a nonzero value. Apache produced the following error: httpd_ls_bak: Syntax error on line 259 of /etc/apache2/conf/httpd.conf: Syntax error on line 32 of /etc/apache2/conf.d/modsec2.conf: Syntax error on line 32 of /etc/apache2/conf.d/modsec/modsec2.cpanel.conf: Could not open configuration file /etc/apache2/conf.d/modsec_vendor_configs/comodo_litespeed/05_Global_Exceptions.conf: No such file or directory


info [modsec_vendor] Restored modsec_cpanel_conf_datastore backup
warn [modsec_vendor] The system could not uninstall the vendor: The system could not validate the new Apache configuration because httpd exited with a nonzero value. Apache produced the following error: httpd_ls_bak: Syntax error on line 259 of /etc/apache2/conf/httpd.conf: Syntax error on line 32 of /etc/apache2/conf.d/modsec2.conf: Syntax error on line 27 of /etc/apache2/conf.d/modsec/modsec2.cpanel.conf: Could not open configuration file /etc/apache2/conf.d/modsec_vendor_configs/configserver/00_configserver.conf: No such file or directory


warn [modsec_vendor] The system failed to add the vendor from the URL “Free ModSecurity Rules from Comodo: The system could not validate the new Apache configuration because httpd exited with a nonzero value. Apache produced the following error: httpd_ls_bak: Syntax error on line 259 of /etc/apache2/conf/httpd.conf: Syntax error on line 32 of /etc/apache2/conf.d/modsec2.conf: Syntax error on line 32 of /etc/apache2/conf.d/modsec/modsec2.cpanel.conf: Could not open configuration file /etc/apache2/conf.d/modsec_vendor_configs/comodo_litespeed/05_Global_Exceptions.conf: No such file or directory

-bash-4.2#
How to solve the problem?

thanks
 
Last edited by a moderator:

fuzzylogic

Well-Known Member
Nov 8, 2014
149
89
78
cPanel Access Level
Root Administrator
Reading the warnings you got when you tried to add the vendor meta_comodo_litespeed.yaml
It appears you have two vendor rulesets partially deleted.

It seems the first issue happened with cxs rule where the .conf file was deleted but the Include to it was not deleted.
Secondary to this a litespeed .conf was deleted but the Include to it was not.

When you add/remove modec vendor or enable/disable a modsec ruleset apache's
/etc/apache2/conf/httpd.conf
is rebuilt using the newly edited modsec files.
In your case this rebuild process failing because of the Includes to missing files in
/etc/apache2/conf.d/modsec/modsec2.cpanel.conf

To test the rebuild process run the command (do it now so you can compare the output later)...
/scripts/rebuildhttpdconf
It should produce errors similar to the ones you posted earlier.

Now you need to edit
/etc/apache2/conf.d/modsec/modsec2.cpanel.conf
If you do not know how to open, edit and save files on the command line then the ConfigServer ModSecurity Control plugin can provide a gui to edit this file.
You need to remove all lines in that file which have an Include to a .conf file.
Then save the file.
This should fix the missing file errors and allow httpd.conf to rebuild.
Run
/scripts/rebuildhttpdconf
to see if you now have success.
If you have success I would now restart apache...
/usr/local/cpanel/scripts/restartsrv_httpd

If you have success with restarting Apache, move on to the WHM » Security Center »ModSecurity™ Vendors » Manage Vendors interface.
Delete the vendor ConfigServer
Delete the vendor Comodo

If success move on to add
https://waf.comodo.com/doc/meta_comodo_litespeed.yaml
using the WHM interface or with the ssh command you ran in the other post.

Go to CXS interface and enable modsecurity integration to restore its functionality.
Go back to WHM » Security Center »ModSecurity™ Vendors » Manage Vendors interface to ensure CXS rule is installed and enabled.
 
  • Like
Reactions: netluxe and Infopro