Symptoms
When checking the Apache status, you see an error similar to the following.
Mar 19 06:35:20 server.domain.tld restartsrv_httpd[7723]: AH00526: Syntax error on line 41 of /etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/004_i360_4_custom.conf:
Mar 19 06:35:20 server.domain.tld restartsrv_httpd[7723]: Error creating rule: Could not open phrase file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/userdata_dirb_URLs.data": No such file or directory
An error similar to the following will be encountered when attempting to rebuild the Apache configuration.
The “/usr/sbin/httpd -DSSL -t -f /etc/apache2/conf/httpd.conf.work.6ebe700b.cfgcheck -C Include "/etc/apache2/conf.modules.d/*.conf"” command (process 28745) reported error number 1 when it ended.
Configuration problem detected on line 40 of file /etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/004_i360_4_custom.conf: Error creating rule: Could not open phrase file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/userdata_dirb_URLs.data": No such file or directory
Descriptions
This usually suggests that a file associated with Imunify360 ModSecurity Rules For Apache is missing. The file's name and the type of the ruleset are usually reported in the error. For instance, in the error above, the missing file is userdata_dirb_URLs.data, and also the Imunify360 ModSecurity Ruleset is the full version and not the minimal version:
/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apacheuserdata_dirb_URLs.data
Workaround
- Access the server's command line as the 'root' user via SSH or "Terminal" in WHM.
- Find the vendor ID of the ModSecurity ruleset package that the missing file belongs to.
[root@server ~]# whmapi1 modsec_get_vendors | grep -i vendor_id | uniq -u
vendor_id: OWASP3
vendor_id: imunify360-minimal-apache
vendor_id: imunify360-full-apache - Disable the ruleset entirely.
/usr/loal/cpanel/scripts/modsec_vendor disable-configs $vendorid
Please note that "$vendorid" must be replaced by thevendor_idvalue found above. - Remove the vendor:
/usr/local/cpanel/scripts/modsec_vendor remove $vendorid
Please note that "$vendorid" must be replaced by thevendor_idvalue found above. - Reinstall the missing ruleset with the following command.
whmapi1 modsec_add_vendor url=$URL
Please note that "$URL" must be replaced with the appropriate URL for the
vendor_idvalue found above.https://files.imunify360.com/static/modsec/v2/meta_imunify360-full-apache.yamlhttps://files.imunify360.com/static/modsec/v2/meta_imunify360-minimal-apache.yamlhttps://files.imunify360.com/static/modsec/v2/meta_imunify360-minimal-litespeed.yamlhttps://files.imunify360.com/static/modsec/v2/meta_imunify360-full-litespeed.yaml
- Enable the newly installed ruleset.
whmapi1 modsec_enable_vendor vendor_id=$vendorid
Please note that "$vendorid" must be replaced by thevendor_idvalue found above. - Rebuild the Apache configuration files.
/usr/local/cpanel/scripts/rebuildhttpdconf
- Restart Apache.
/usr/local/cpanel/scripts/restartsrv_httpd
Comments
0 comments
Article is closed for comments.