kona333

Member
Jul 9, 2014
9
1
3
cPanel Access Level
Root Administrator
I went to restart HTTP Server (Apache) the other day, and it crashed with an error, and wouldn't restart from there. I had to go back to the data centre to fix it, because everything was down. They said they fixed something in the httpd configuration file and it restarted fine, and that I was clear to restart in future.

I just went to add POODLE support to Apache config, went to save it and got this error, which appears to be exactly the same as the error I had the other day. I'll paste below.
Now I'm too scared to try and restart again in case it crashes like last time, and I can't keep going back to the data centre to fix these issues. Can anyone see the error below? It's all just gibberish to me. Lines 23 and 25 look closed to me (assuming " " represents closed)

Code:
Sorry, httpd.conf failed to rebuild with your changes to the includes. Please correct this issue.
The failure is shown below:

[2015-12-01 22:04:13 +1300] info [rebuildhttpdconf] Missing owner for domain HIDDEN, force lookup to root
[2015-12-01 22:04:16 +1300] info [rebuildhttpdconf] Missing owner for domain HIDDEN, force lookup to root
Initial configuration generation failed with the following message:

Configuration problem detected on line 44 of file /usr/local/apache/conf/httpd.conf.work.yQH21rx4KEsdurVT:   : Syntax error on line 25 of /usr/local/apache/conf/modsec2.conf: Syntax error on line 23 of /usr/local/apache/conf/modsec2.user.conf: /usr/local/apache/conf/modsec2.user.conf:23: <LocationMatch> was not closed.

   --- /usr/local/apache/conf/httpd.conf.work.yQH21rx4KEsdurVT ---
   38
   39
   40Include "/usr/local/apache/conf/modhostinglimits.conf"
   41Include "/usr/local/apache/conf/php.conf"
   42Include "/usr/local/apache/conf/mod_bandwidth.conf"
   43Include "/usr/local/apache/conf/includes/errordocument.conf"
   44 ===> Include "/usr/local/apache/conf/modsec2.conf" <===
   45Include "/usr/local/apache/conf/includes/account_suspensions.conf"
   46
   47
   48ErrorLog "logs/error_log"
   49DefaultType text/plain
   50ScriptAliasMatch ^/?controlpanel/?$ /usr/local/cpanel/cgi-sys/redirect.cgi
   --- /usr/local/apache/conf/httpd.conf.work.yQH21rx4KEsdurVT ---


Rebuilding configuration without any local modifications.

Failed to generate a syntactically correct Apache configuration.
Bad configuration file located at /usr/local/apache/conf/httpd.conf.work.yQH21rx4KEsdurVT
Error:
Configuration problem detected on line 44 of file /usr/local/apache/conf/httpd.conf.work.yQH21rx4KEsdurVT:   : Syntax error on line 25 of /usr/local/apache/conf/modsec2.conf: Syntax error on line 23 of /usr/local/apache/conf/modsec2.user.conf: /usr/local/apache/conf/modsec2.user.conf:23: <LocationMatch> was not closed.

   --- /usr/local/apache/conf/httpd.conf.work.yQH21rx4KEsdurVT ---
   38
   39
   40Include "/usr/local/apache/conf/modhostinglimits.conf"
   41Include "/usr/local/apache/conf/php.conf"
   42Include "/usr/local/apache/conf/mod_bandwidth.conf"
   43Include "/usr/local/apache/conf/includes/errordocument.conf"
   44 ===> Include "/usr/local/apache/conf/modsec2.conf" <===
   45Include "/usr/local/apache/conf/includes/account_suspensions.conf"
   46
   47
   48ErrorLog "logs/error_log"
   49DefaultType text/plain
   50ScriptAliasMatch ^/?controlpanel/?$ /usr/local/cpanel/cgi-sys/redirect.cgi
   --- /usr/local/apache/conf/httpd.conf.work.yQH21rx4KEsdurVT ---

Line 44 points to modsec2.conf: Include "/usr/local/apache/conf/modsec2.conf"

The actual file in question, modsec2.conf, has all this:

Code:
LoadFile /opt/xml2/lib/libxml2.so
# LoadFile /opt/lua/lib/liblua.so
LoadModule security2_module  modules/mod_security2.so
<IfModule mod_security2.c>

  # See http://www.modsecurity.org/documentation/ModSecurity-Migration-Matrix.pdf
  #  "Add the rules that will do exactly the same as the directives"
  # SecFilterCheckURLEncoding On
  # SecFilterForceByteRange 0 255

  <IfModule mod_ruid2.c>
  SecAuditLogStorageDir /usr/local/apache/logs/modsec_audit
  SecAuditLogType Concurrent
  </IfModule>
  <IfModule itk.c>
  SecAuditLogStorageDir /usr/local/apache/logs/modsec_audit
  SecAuditLogType Concurrent
  </IfModule>
  SecAuditLog logs/modsec_audit.log
  SecDebugLog logs/modsec_debug_log
  SecDebugLogLevel 0
  SecDefaultAction "phase:2,deny,log,status:406"
  SecRule MULTIPART_STRICT_ERROR "!@eq 0" "phase:2,t:none,log,deny,status:44,msg:'Multipart request body failed strict validation: PE %{REQBODY_PROCESSOR_ERROR}, BQ %{MULTIPART_BOUNDARY_QUOTED}, BW %{MULTIPART_BOUNDARY_WHITESPACE}, DB %{MULTIPART_DATA_BEFORE}, DA %{MULTIPART_DATA_AFTER}, HF %{MULTIPART_HEADER_FOLDING}, LF %{MULTIPART_LF_LINE}, SM %{MULTIPART_MISSING_SEMICOLON}, IQ %{MULTIPART_INVALID_QUOTING}, IP %{MULTIPART_INVALID_PART}, IH %{MULTIPART_INVALID_HEADER_FOLDING}, FL %{MULTIPART_FILE_LIMIT_EXCEEDED}',id:1234123456"
  SecRule REMOTE_ADDR "^127.0.0.1$" nolog,allow,id:1234123455
  Include "/usr/local/apache/conf/modsec2.user.conf"
  Include "/usr/local/apache/conf/modsec2.cpanel.conf"
</IfModule>
Thanks



cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,910
2,211
363
Hello :)

Are you adding custom entries to /usr/local/apache/conf/modsec2.user.conf or are you obtaining your custom rules from a specific application or third-party ruleset? The error message appears to stem from line 23 in /usr/local/apache/conf/modsec2.user.conf.

Thank you.
 

kona333

Oh, if that's line 23, then yes, /usr/local/apache/conf/modsec2.user.conf had a custom entry that was commented out, but it must not have been done properly, so I just removed all lines from that file and now it's fine and dandy, restarted without issue :) Thanks
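
The failure mode in this thread, a container whose opening tag is still live while its closing tag is commented out, can be caught before a rebuild or restart. The following is an added example, not part of the original posts or of cPanel's tooling; the sample file contents and the function names are constructed for illustration.

```python
import re

OPEN_RE = re.compile(r"^<([A-Za-z]\w*)(\s.*)?>$")    # e.g. <LocationMatch "...">
CLOSE_RE = re.compile(r"^</([A-Za-z]\w*)\s*>$")      # e.g. </LocationMatch>

def logical_lines(text):
    """Yield (first_line_no, line), joining backslash-continued lines."""
    buf, start = "", None
    for no, raw in enumerate(text.splitlines(), start=1):
        start = start or no
        if raw.endswith("\\"):
            buf += raw[:-1]
            continue
        yield start, (buf + raw).strip()
        buf, start = "", None
    if start:
        yield start, buf.strip()

def find_unbalanced(text):
    """Return [(line_no, message)] for section containers that do not pair up."""
    problems, stack = [], []        # stack holds (name, line_no) of open containers
    for no, line in logical_lines(text):
        if not line or line.startswith("#"):
            continue                # commented-out tags open or close nothing
        close, opened = CLOSE_RE.match(line), OPEN_RE.match(line)
        if close:
            name = close.group(1)
            if stack and stack[-1][0].lower() == name.lower():
                stack.pop()
            else:
                problems.append((no, f"</{name}> has no matching open tag"))
        elif opened:
            stack.append((opened.group(1), no))
    problems += [(no, f"<{name}> was not closed") for name, no in stack]
    return problems

# Constructed sample: a custom block "disabled" by commenting out only part of it.
HALF_COMMENTED = """\
# custom exclusion, disabled for now
<LocationMatch "/example-path">
#  SecRuleRemoveById 1234123456
#</LocationMatch>
"""
# The same block with the opening tag commented out as well.
FULLY_COMMENTED = HALF_COMMENTED.replace("\n<", "\n#<")

if __name__ == "__main__":
    for no, msg in find_unbalanced(HALF_COMMENTED):
        print(f"line {no}: {msg}")
```

This only checks container pairing in a single file; Apache's own syntax check (`httpd -t`) remains the authoritative test of the full configuration.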
 

cPanelMichael

I am happy to see the issue is now resolved. Thank you for updating us with the outcome.