Symptoms
When checking the status of httpd service, you will see the following error:
[root@server ~]# systemctl status httpd -l
● httpd.service - Apache web server managed by cPanel EasyApache
Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Fri 2021-03-19 06:35:20 CDT; 12s ago
Process: 7716 ExecStop=/usr/local/cpanel/scripts/restartsrv_httpd stop --no-verbose (code=exited, status=0/SUCCESS)
Process: 7723 ExecStart=/usr/local/cpanel/scripts/restartsrv_httpd --no-verbose (code=exited, status=1/FAILURE)
Main PID: 32363 (code=exited, status=0/SUCCESS)
Mar 19 06:35:19 server.domain.tld systemd[1]: Stopped Apache web server managed by cPanel EasyApache.
Mar 19 06:35:19 server.domain.tld systemd[1]: Starting Apache web server managed by cPanel EasyApache...
Mar 19 06:35:20 server.domain.tld restartsrv_httpd[7723]: AH00526: Syntax error on line 41 of /etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/004_i360_4_custom.conf:
Mar 19 06:35:20 server.domain.tld restartsrv_httpd[7723]: Error creating rule: Could not open phrase file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/userdata_dirb_URLs.data": No such file or directory
Mar 19 06:35:20 server.domain.tld systemd[1]: httpd.service: control process exited, code=exited status=1
Mar 19 06:35:20 server.domain.tld systemd[1]: Failed to start Apache web server managed by cPanel EasyApache.
Mar 19 06:35:20 server.domain.tld systemd[1]: Unit httpd.service entered failed state.
Mar 19 06:35:20 server.domain.tld systemd[1]: httpd.service failed.
The same information can be seen when rebuilding Apache's configuration:
[root@server ~]# /scripts/rebuildhttpdconf
Initial configuration generation failed with the following message:
The “/usr/sbin/httpd -DSSL -t -f /etc/apache2/conf/httpd.conf.work.6ebe700b.cfgcheck -C Include "/etc/apache2/conf.modules.d/*.conf"” command (process 28745) reported error number 1 when it ended.
Configuration problem detected on line 40 of file /etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/004_i360_4_custom.conf: Error creating rule: Could not open phrase file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/userdata_dirb_URLs.data": No such file or directory
--- /etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/004_i360_4_custom.conf ---
Descriptions
This usually suggests that a file associated with Imunify360 ModSecurity Rules For Apache is missing. The file's name and the type of the ruleset are usually reported in the error. For instance, in the error above, the missing file is userdata_dirb_URLs.data, and also the Imunify360 ModSecurity Rulest is the full version and not the minimal version:
/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/userdata_dirb_URLs.data
Workaround
You should be able to get around this error by reinstalling the problematic ruleset. Here is how it's done:
- Find the vendor and the vendor ID of the ModSecurity ruleset package that the missing file belongs to.
[root@server ~]# whmapi1 modsec_get_vendors | grep -i vendor_id | uniq -u
vendor_id: OWASP3
vendor_id: imunify360-minimal-apache
vendor_id: imunify360-full-apache> - Disable the ruleset entirely.
[root@server ~]# /scripts/modsec_vendor disable-configs imunify360-full-apache imunify360-full-apache
(18 / 18) - Remove the vendor:
[root@server ~]# /scripts/modsec_vendor remove imunify360-full-apache
info [modsec_vendor] You have removed the vendor “imunify360-full-apache”. - Reinstall the missing ruleset with the following command.
[root@server ~]# whmapi1 modsec_add_vendor url=https://files.imunify360.com/static/modsec/v2/meta_imunify360-full-apache.yaml
---
data:
archive_url: https://files.imunify360.com/static/modsec/v2/imunify360-full-apache.zip
cpanel_provided: 0
description: Imunify360 ModSecurity Rules For Apache
dist_md5: 24379ff57a11d8507bab0e2658dc7604
dist_sha512: 9519a81f7933a3efe9c39fd17e8fe9a2c29896a3ad445a27badfc9b4811dc98ae9d1b81752c940635ab8a5af3d115c4bf3663f9225948f08b8068ae23e9db315
enabled: 1
inst_dist: imunify360-full-apache-3.72-stable
installed: 1
installed_from: https://files.imunify360.com/static/modsec/v2/meta_imunify360-full-apache.yaml
name: Imunify360 Apache Rule Set
path: /etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache
supported_versions:
- 2.7.5
- 2.7.7
- 2.8.0
- 2.9.0
- 2.9.1
- 2.9.2
- 2.9.3
- 3.0.4
vendor_id: imunify360-full-apache
vendor_url: https://docs.imunify360.com/
metadata:
command: modsec_add_vendor
reason: OK
result: 1
version: 1Note: These are the URLs for the YAML files for both versions of Imunify360 ModSecurity Rules For Apache (Full and minimal), so in the above command, you need to replace the URL with whatever version you wish to install.
https://files.imunify360.com/static/modsec/v2/meta_imunify360-full-apache.yaml
https://files.imunify360.com/static/modsec/v2/meta_imunify360-minimal-apache.yaml
If your server runs LiteSpeed instead of Apache, you will have to use one of the Imunify360 ModSecurity Rules For LiteSpeed (Full and minimal) URLs below.
https://files.imunify360.com/static/modsec/v2/meta_imunify360-minimal-litespeed.yaml
https://files.imunify360.com/static/modsec/v2/meta_imunify360-full-litespeed.yaml
- Enable the newly installed ruleset.
[root@server ~]# whmapi1 modsec_enable_vendor vendor_id=imunify360-full-apache
---
data: {}
metadata:
command: modsec_enable_vendor
reason: OK
result: 1
version: 1 - Rebuild the Apache configuration files.
/scripts/rebuildhttpdconf
- Restart Apache.
systemctl restart httpd
Comments
0 comments
Article is closed for comments.