Syntax error modsec2.conf

Discussion in 'General Discussion' started by kona333, Dec 1, 2015.

  1. kona333

    kona333 Member

    I went to restart HTTP Server (Apache) the other day, and it crashed with an error, and wouldn't restart from there. I had to go back to the data centre to fix it, because everything was down. They said they fixed something in the httpd configuration file and it restarted fine, and that I was clear to restart in future.

    I just went to add POODLE support to Apache config, went to save it and got this error, which appears to be exactly the same as the error I had the other day. I'll paste below.
    Now I'm too scared to try and restart again in case it crashes like last time, and I can't keep going back to the data centre to fix these issues. Can anyone see the error below? It's all just gibberish to me. Lines 23 and 25 look closed to me (assuming " " represents closed)

    Code:
    Sorry, httpd.conf failed to rebuild with your changes to the includes. Please correct this issue.
    The failure is shown below:
    
    [2015-12-01 22:04:13 +1300] info [rebuildhttpdconf] Missing owner for domain HIDDEN, force lookup to root
    [2015-12-01 22:04:16 +1300] info [rebuildhttpdconf] Missing owner for domain HIDDEN, force lookup to root
    Initial configuration generation failed with the following message:
    
    Configuration problem detected on line 44 of file /usr/local/apache/conf/httpd.conf.work.yQH21rx4KEsdurVT:   : Syntax error on line 25 of /usr/local/apache/conf/modsec2.conf: Syntax error on line 23 of /usr/local/apache/conf/modsec2.user.conf: /usr/local/apache/conf/modsec2.user.conf:23: <LocationMatch> was not closed.
    
       --- /usr/local/apache/conf/httpd.conf.work.yQH21rx4KEsdurVT ---
       38
       39
       40Include "/usr/local/apache/conf/modhostinglimits.conf"
       41Include "/usr/local/apache/conf/php.conf"
       42Include "/usr/local/apache/conf/mod_bandwidth.conf"
       43Include "/usr/local/apache/conf/includes/errordocument.conf"
       44 ===> Include "/usr/local/apache/conf/modsec2.conf" <===
       45Include "/usr/local/apache/conf/includes/account_suspensions.conf"
       46
       47
       48ErrorLog "logs/error_log"
       49DefaultType text/plain
       50ScriptAliasMatch ^/?controlpanel/?$ /usr/local/cpanel/cgi-sys/redirect.cgi
       --- /usr/local/apache/conf/httpd.conf.work.yQH21rx4KEsdurVT ---
    
    
    Rebuilding configuration without any local modifications.
    
    Failed to generate a syntactically correct Apache configuration.
    Bad configuration file located at /usr/local/apache/conf/httpd.conf.work.yQH21rx4KEsdurVT
    Error:
    Configuration problem detected on line 44 of file /usr/local/apache/conf/httpd.conf.work.yQH21rx4KEsdurVT:   : Syntax error on line 25 of /usr/local/apache/conf/modsec2.conf: Syntax error on line 23 of /usr/local/apache/conf/modsec2.user.conf: /usr/local/apache/conf/modsec2.user.conf:23: <LocationMatch> was not closed.
    
       --- /usr/local/apache/conf/httpd.conf.work.yQH21rx4KEsdurVT ---
       38
       39
       40Include "/usr/local/apache/conf/modhostinglimits.conf"
       41Include "/usr/local/apache/conf/php.conf"
       42Include "/usr/local/apache/conf/mod_bandwidth.conf"
       43Include "/usr/local/apache/conf/includes/errordocument.conf"
       44 ===> Include "/usr/local/apache/conf/modsec2.conf" <===
       45Include "/usr/local/apache/conf/includes/account_suspensions.conf"
       46
       47
       48ErrorLog "logs/error_log"
       49DefaultType text/plain
       50ScriptAliasMatch ^/?controlpanel/?$ /usr/local/cpanel/cgi-sys/redirect.cgi
       --- /usr/local/apache/conf/httpd.conf.work.yQH21rx4KEsdurVT ---

    Line 44 points to modsec2.conf: Include "/usr/local/apache/conf/modsec2.conf"

    The actual file in question, modsec2.conf, has all this:

    Code:
    LoadFile /opt/xml2/lib/libxml2.so
    # LoadFile /opt/lua/lib/liblua.so
    LoadModule security2_module  modules/mod_security2.so
    <IfModule mod_security2.c>
    
      # See http://www.modsecurity.org/documentation/ModSecurity-Migration-Matrix.pdf
      #  "Add the rules that will do exactly the same as the directives"
      # SecFilterCheckURLEncoding On
      # SecFilterForceByteRange 0 255
    
      <IfModule mod_ruid2.c>
      SecAuditLogStorageDir /usr/local/apache/logs/modsec_audit
      SecAuditLogType Concurrent
      </IfModule>
      <IfModule itk.c>
      SecAuditLogStorageDir /usr/local/apache/logs/modsec_audit
      SecAuditLogType Concurrent
      </IfModule>
      SecAuditLog logs/modsec_audit.log
      SecDebugLog logs/modsec_debug_log
      SecDebugLogLevel 0
      SecDefaultAction "phase:2,deny,log,status:406"
      SecRule MULTIPART_STRICT_ERROR "!@eq 0" "phase:2,t:none,log,deny,status:44,msg:'Multipart request body failed strict validation: PE %{REQBODY_PROCESSOR_ERROR}, BQ %{MULTIPART_BOUNDARY_QUOTED}, BW %{MULTIPART_BOUNDARY_WHITESPACE}, DB %{MULTIPART_DATA_BEFORE}, DA %{MULTIPART_DATA_AFTER}, HF %{MULTIPART_HEADER_FOLDING}, LF %{MULTIPART_LF_LINE}, SM %{MULTIPART_MISSING_SEMICOLON}, IQ %{MULTIPART_INVALID_QUOTING}, IP %{MULTIPART_INVALID_PART}, IH %{MULTIPART_INVALID_HEADER_FOLDING}, FL %{MULTIPART_FILE_LIMIT_EXCEEDED}',id:1234123456"
      SecRule REMOTE_ADDR "^127.0.0.1$" nolog,allow,id:1234123455
      Include "/usr/local/apache/conf/modsec2.user.conf"
      Include "/usr/local/apache/conf/modsec2.cpanel.conf"
    </IfModule>
    Thanks


    #1 kona333, Dec 1, 2015
    Last edited by a moderator: Dec 1, 2015
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Hello :)

    Are you adding custom entries to /usr/local/apache/conf/modsec2.user.conf or are you obtaining your custom rules from a specific application or third-party ruleset? The error message appears to stem from line 23 in /usr/local/apache/conf/modsec2.user.conf.

    Thank you.
     
  3. kona333

    kona333 Member

    Oh, if that's line 23, then yes, /usr/local/apache/conf/modsec2.user.conf had a custom entry that was commented out, but it must not have been done properly, so I just removed all lines from that file and now it's fine and dandy, restarted without issue :) Thanks
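
The `<LocationMatch> was not closed` error discussed in this thread is what Apache reports when an opening container tag is still live but its closing tag is not, for example when only part of a block was commented out. The following is an added example, not part of the original thread and not cPanel's code: a small checker that reports the line of each unpaired container tag in an include file. The sample rule, its path `/example-path` and the function name `unbalanced_containers` are constructed for illustration.

```python
import re

# An Apache container tag alone on its line: <Name args> or </Name>.
# Directive names are case-insensitive; backslash line continuations are not handled.
TAG = re.compile(r"^\s*<(/?)([A-Za-z][\w.]*)(?:\s.*)?>\s*$")

def unbalanced_containers(text):
    """Return [(line_number, message)] for container tags that do not pair up."""
    problems, stack = [], []          # stack holds (name, line) of open containers
    for lineno, line in enumerate(text.splitlines(), start=1):
        if line.lstrip().startswith("#"):
            continue                  # a commented-out tag opens or closes nothing
        m = TAG.match(line)
        if not m:
            continue
        closing, name = m.group(1) == "/", m.group(2)
        if not closing:
            stack.append((name, lineno))
        elif stack and stack[-1][0].lower() == name.lower():
            stack.pop()
        else:
            problems.append((lineno, f"</{name}> has no matching opening tag"))
    problems += [(ln, f"<{name}> was not closed") for name, ln in stack]
    return sorted(problems)

# Constructed sample: the closing tag was commented out, the opening tag was not.
HALF_COMMENTED = """\
# custom rule, disabled by hand
<LocationMatch "/example-path">
#  SecRuleEngine Off
#</LocationMatch>
"""

# Constructed sample: the whole block is commented out, so nothing is left open.
FULLY_COMMENTED = """\
# custom rule, disabled by hand
#<LocationMatch "/example-path">
#  SecRuleEngine Off
#</LocationMatch>
"""

if __name__ == "__main__":
    for label, conf in (("half", HALF_COMMENTED), ("full", FULLY_COMMENTED)):
        print(label, unbalanced_containers(conf))
```

Apache's own syntax check (`httpd -t`) remains the authority before any restart; this checker only narrows down which tag in the include file to look at.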
     