Skip to main content

Apache failed after update ea-apache24-mod_security2 to 2.9.10

Steven Sublett
  • Updated

Symptoms

Apache configtest reports a syntax error.

apachectl configtest
httpd: Syntax error on line of /etc/apache2/conf/httpd.conf: Include/IncludeOptional:

Apache syntax errors during rebuild or restart.

/scripts/rebuildhttpdconf 
Initial configuration generation failed with the following message:

The “/usr/sbin/httpd -DSSL -t -f /etc/apache2/conf/httpd.conf.work.21091c46.cfgcheck 
-C Include "/etc/apache2/conf.modules.d/*.conf"” command (process 12345) 
reported error number 1 when it ended.
Configuration problem detected on line 472 of file 
/etc/apache2/conf.d/modsec_vendor_configs/1/rules/04.conf: 
Error creating rule: Error compiling pattern (offset 32): 
unrecognized character follows \\

Apache syntax errors during update.

Scriptlet output:
1 
2 
3 Checking new rules
4 POSTRANS
5 The system could not validate the new Apache configuration because 
httpd exited with a nonzero value. Apache produced the following error: 
AH00526: Syntax error
6 Error creating rule: Error compiling pattern (offset 32): unrecognized 
character follows \\
7

 

Description

ModSecurity version 2.9.9 refactored to use PCRE2. PCRE2 is more strict about error handling when it comes to regexes. This affects ModSecurity regexes because rules that may have been failing prior to updating are now returning an error, which causes Apache to fail.

From the OWASP changelog:

      Changes in v2.9.9:

               chore: refactor build system to use PCRE2

cPanel released updates on June 4th to address the CVEs for ModSecurity.

28.18

2025 June 4

ea-apache24-mod_security2

Workaround

Please review the ModSecurity ruleset configuration file on the affected line to correct the syntax error or disable the rule.

This most commonly occurs for custom-defined rules or third-party ModSecurity rulesets. After correcting the rule or disabling it, rebuild the configuration and restart Apache.

/scripts/rebuildhttpdconf
/scripts/restartsrv_httpd

 

Related articles

Comments

0 comments

Article is closed for comments.