The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

slowloris rule conflict

Discussion in 'Security' started by jimlongo, Sep 24, 2013.

  1. jimlongo

    jimlongo Well-Known Member

    Joined:
    Mar 20, 2008
    Messages:
    145
    Likes Received:
    2
    Trophy Points:
    18
    Hi, back again with a new server, tried to insert the slowloris rule for mod sec along with the latest free atomic rules and cannot get Apache to restart. Once I remove the 88_slowloris.conf file from modsec2.user.conf then Apache starts.

    one of the errors was
    Syntax error on line 1 of /usr/local/apache/conf/modsec_rules/88_slowloris.conf:
    ModSecurity: Found another rule with the same id
     
  2. 24x7server

    24x7server Well-Known Member

    Joined:
    Apr 17, 2013
    Messages:
    1,146
    Likes Received:
    34
    Trophy Points:
    48
    Location:
    India
    cPanel Access Level:
    Root Administrator
    Your new mod_sec rule ID is getting conflict with another available rule on server. I would suggest you to update the rule ID to fix this issue.
     
  3. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,723
    Likes Received:
    660
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
  4. quizknows

    quizknows Well-Known Member

    Joined:
    Oct 20, 2009
    Messages:
    940
    Likes Received:
    55
    Trophy Points:
    28
    cPanel Access Level:
    DataCenter Provider
    Sorry man but this is horrible advice... delete all of his WAF rules to make one work? That's not advisable at all. He just needs to change the numeric ID of the rule he's adding, or make sure that rule isn't already active in another config file.

    @jimlongo, modsec rules will look similar to this:

    SecRule SOME_ATTRIBUTE "some regex" "deny,log,id:1234"

    Just change 1234 to some other random number to avoid the duplicate ID error. Also you can check with "httpd configtest" before restarting apache to make sure the syntax passes, so you won't bring down your webserver. If you see "Syntax OK" then you're good to go.
     
    #4 quizknows, Sep 25, 2013
    Last edited: Sep 25, 2013
  5. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,723
    Likes Received:
    660
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    I should clarify that I do not recommend the original poster remove all their existing rules to get this single rule to work. The original poster mentioned setting up a new server and implementing the Atomic Mod_Security rules. Per the installation instructions for the Atomic Mod_Security rules:

    I'm simply suggesting they start with a clean ruleset before implementing the custom Atomic ruleset. At that point, or even in place of that step, renaming the rule ID is the resolution for adding the additional rule.

    Thank you.
     
  6. quizknows

    quizknows Well-Known Member

    Joined:
    Oct 20, 2009
    Messages:
    940
    Likes Received:
    55
    Trophy Points:
    28
    cPanel Access Level:
    DataCenter Provider
    That makes more sense. I interpreted your post the way I did because his post was about adding the one rule to the atomicorp rules (Which he implied were already running), and not a problem with installing the entire atomicorp ruleset.
     
Loading...

Share This Page