In some cases, if you have a custom Mod_Security plugin or script that references a modsec.conf file, Apache will not start if this file is missing.
Description
The Apache module for Mod_Security is enabled and provided by default. When Apache starts, it verifies that the Mod_Security configuration file, /etc/apache2/conf.d/modsec2.conf, is loaded. This main Mod_Security configuration file also loads any customizations entered in /etc/apache2/conf.d/modsec/modsec2.user.conf and /etc/apache2/conf.d/modsec/modsec2.cpanel.conf.
Now that we have confirmed the use of these files, we can better review the error. If any custom modsec.conf file is set to "Include" into Mod_Security but is missing, Apache will fail to start with an error similar to the one below:
server restartsrv_httpd: httpd: Syntax error on line 272 of /etc/apache2/conf/httpd.conf:
Syntax error on line 31 of /etc/apache2/conf.d/modsec2.conf:
Syntax error on line 2 of /etc/apache2/conf.d/modsec/modsec2.user.conf:
Could not open configuration file /opt/cpanel_techs/cpanel_custom_plugin/modsec/etc/customplugin.modsec.conf: No such file or directory
In the example above, the server had a custom "Include" in the file /etc/apache2/conf.d/modsec/modsec2.user.conf that was trying to include the file /opt/cpanel_techs/cpanel_custom_plugin/modsec/etc/customplugin.modsec.conf. However, this file did not exist, so Apache could not start.
Workaround
View the contents of the following files:
/etc/apache2/conf.d/modsec/modsec2.user.conf
/etc/apache2/conf.d/modsec/modsec2.cpanel.conf
Check for any custom "Include" options and ensure that the files set to be included do indeed exist. If they do not exist, you can remove the "Include" from the file or add a "#" at the beginning of the line to comment out the include.
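The check in the workaround can be scripted. The following is an added example, not cPanel's own tooling: the function name missing_includes, the SERVER_ROOT variable and the demo files are assumptions made for illustration, and the sample configuration is constructed in a temporary directory.

```shell
#!/bin/sh
# Added example (not cPanel code): report Apache "Include" targets that are missing.
# Assumption: relative Include paths resolve against SERVER_ROOT (default /etc/apache2).
SERVER_ROOT="${SERVER_ROOT:-/etc/apache2}"
TAB="$(printf '\t')"

# missing_includes FILE... -> prints "FILE:LINE: TARGET" for each active Include
# whose target (or wildcard pattern) matches nothing on disk.
# Limitation: paths containing spaces are not handled.
missing_includes() {
    for conf in "$@"; do
        if [ ! -r "$conf" ]; then
            echo "$conf: cannot read" >&2
            continue
        fi
        # Commented lines never match: their first field starts with "#".
        awk 'tolower($1) == "include" && NF >= 2 {
                 t = $2; gsub(/"/, "", t); print NR "\t" t
             }' "$conf" |
        while IFS="$TAB" read -r lineno target; do
            case "$target" in
                /*) ;;
                *) target="$SERVER_ROOT/$target" ;;
            esac
            found=0
            for f in $target; do          # unquoted so wildcards expand
                if [ -e "$f" ]; then found=1; fi
            done
            if [ "$found" -eq 0 ]; then echo "$conf:$lineno: $target"; fi
        done
    done
}

# Constructed sample mirroring the article: one include that exists, one that
# is missing, one commented out. Nothing under /etc is touched.
demo() {
    d="$(mktemp -d)"
    : > "$d/present.conf"
    printf '%s\n' "Include \"$d/present.conf\"" \
                  "Include $d/customplugin.modsec.conf" \
                  "#Include $d/disabled.conf" > "$d/modsec2.user.conf"
    missing_includes "$d/modsec2.user.conf" | sed "s|$d|TMP|g"
    rm -rf "$d"
}

demo
```

On a live server, pass the two files listed above to missing_includes, then confirm the configuration parses with `httpd -t` before restarting Apache. A missing rule file also means the rules that plugin supplied are not loaded, so restore the file instead of commenting out the "Include" if those rules are still wanted.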