Symptoms
The Apache web server (httpd) is unable to start and reports error messages like the following:
Syntax error on line 270 of /etc/apache2/conf/httpd.conf:
Syntax error on line 32 of /etc/apache2/conf.d/modsec2.conf:
Syntax error on line 29 of /etc/apache2/conf.d/modsec/modsec2.cpanel.conf:
Could not open configuration file /etc/apache2/conf.d/modsec_vendor_configs/OWASP/crs-setup.conf
Description
If the configuration files for a ModSecurity vendor are removed from the Apache configuration while the vendor is still enabled, the Include chain in httpd.conf points at files that no longer exist and Apache fails with configuration errors. This can occur for many reasons, but usually the files are removed accidentally or because of an issue encountered on the server.
Workaround
To start Apache, the Include line needs to be disabled temporarily. Edit the file below with a text editor such as vi, vim, or nano:
/etc/apache2/conf.d/modsec2.conf
Disable the Include line by adding a "#" at the beginning of the line:
# Include /etc/apache2/conf.d/modsec/modsec2.cpanel.conf
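Apache can now be restarted successfully. While the Include line is commented out, the ModSecurity configuration it references is not loaded.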
/scripts/restartsrv_httpd
The next step is to reinstall the ModSecurity rules:
/usr/local/cpanel/scripts/modsec_vendor add http://httpupdate.cpanel.net/modsecurity-rules/meta_OWASP3.yaml
You will receive output similar to the following:
~ - p1 -# /usr/local/cpanel/scripts/modsec_vendor add http://httpupdate.cpanel.net/modsecurity-rules/meta_OWASP3.yaml
info [modsec_vendor] You have added the vendor “OWASP ModSecurity Core Rule Set V3.0”.
[OWASP3] OWASP ModSecurity Core Rule Set V3.0
archive_url http://httpupdate.cpanel.net/modsecurity-rules/OWASP3_1501094486.zip
description SpiderLabs OWASP curated ModSecurity rule set
dist_md5 2697e62531ab49f3907d10049bfc18a0
dist_sha512 cee19f6abb78e52f7ea51a4cfbc3783fa8e60d88f5ae8b959026eeafff4d0d49f0538daf9302c61df26209f28a1eebc0b0e2ddd02036411ab8dae3c2d464f5ef
distribution OWASP3_1501094486
enabled 1
inst_dist OWASP3_1501094486
installed 1
installed_from http://httpupdate.cpanel.net/modsecurity-rules/meta_OWASP3.yaml
is_rpm
meta_vendor_cache_file /var/cpanel/modsec_vendors/meta_OWASP3.cache
meta_yaml_file /var/cpanel/modsec_vendors/meta_OWASP3.yaml
name OWASP ModSecurity Core Rule Set V3.0
path /etc/apache2/conf.d/modsec_vendor_configs/OWASP3
progress_bar
report_url https://www.modsecurity.org/rule_issue_report/cPanel/report/new
supported_versions (12)
vendor_id OWASP3
vendor_url https://go.cpanel.net/modsecurityowasp
Afterward, the rules can be enabled with the following command:
/usr/local/cpanel/scripts/modsec_vendor enable-configs OWASP3
You will receive output similar to the following:
~ - p1 -# /usr/local/cpanel/scripts/modsec_vendor enable-configs OWASP3
(22 / 22)
info [modsec_vendor] You have enabled all of the configuration files for the vendor “OWASP3”.
Finally, uncomment the disabled line and restart Apache to return ModSecurity to its normal operating mode. Using the same editor as before (vi, vim, or nano), edit "/etc/apache2/conf.d/modsec2.conf" and remove the "#" at the beginning of the Include line:
Include /etc/apache2/conf.d/modsec/modsec2.cpanel.conf
After saving the change, restart Apache one final time.
/scripts/restartsrv_httpd
Everything should be back to normal at this point, and you are all set.
Additional
If the missing file belongs to a third-party vendor, you will need to substitute that vendor in the modsec_vendor add command.
For example, with COMODO the error would look like this:
Syntax error on line 270 of /etc/apache2/conf/httpd.conf:
Syntax error on line 32 of /etc/apache2/conf.d/modsec2.conf:
Syntax error on line 29 of /etc/apache2/conf.d/modsec/modsec2.cpanel.conf:
Could not open configuration file /etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/00_Init_Initialization.conf
So, to restore the vendor, run:
/usr/local/cpanel/scripts/modsec_vendor add https://waf.comodo.com/doc/meta_comodo_apache.yaml
Take note of the vendor_id in the output, and use it in the next command:
/usr/local/cpanel/scripts/modsec_vendor enable-configs comodo_apache
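The following helper is an added example, not part of cPanel's tooling; its function names are hypothetical. It reads Apache's error text, reports which vendor directory under modsec_vendor_configs is missing, and checks whether the Include line in modsec2.conf is still commented out after the workaround. The directory name in the error is not necessarily the vendor_id (the first listing names OWASP while the reinstalled vendor_id is OWASP3), so still take the vendor_id from the modsec_vendor output.

```bash
#!/bin/bash
# Added example, not cPanel's code. Helper names are hypothetical.
VENDOR_ROOT="/etc/apache2/conf.d/modsec_vendor_configs"  # path from the errors above

# Print each vendor directory named in a "Could not open configuration file"
# line of the Apache error text on stdin (one per line, de-duplicated).
missing_vendor_dirs() {
    sed -n "s#.*Could not open configuration file ${VENDOR_ROOT}/\([^/]*\)/.*#\1#p" |
        LC_ALL=C sort -u
}

# Print the full path of each missing vendor file from the same input.
missing_vendor_files() {
    sed -n "s#.*Could not open configuration file \(${VENDOR_ROOT}/[^[:space:]]*\).*#\1#p" |
        LC_ALL=C sort -u
}

# Report whether the modsec2.cpanel.conf Include in file $1 is
# "active", "commented" (the temporary workaround state) or "absent".
include_state() {
    local inc='Include[[:space:]]+[^[:space:]]*modsec2\.cpanel\.conf'
    if grep -Eq "^[[:space:]]*${inc}" "$1"; then
        echo active
    elif grep -Eq "^[[:space:]]*#[[:space:]]*${inc}" "$1"; then
        echo commented
    else
        echo absent
    fi
}

# Constructed sample: the two failing lines from the error listings on this page.
SAMPLE_ERRORS='Could not open configuration file /etc/apache2/conf.d/modsec_vendor_configs/OWASP/crs-setup.conf
Could not open configuration file /etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/00_Init_Initialization.conf'

# Demo on the sample; on a server, pipe the real Apache error text in instead.
printf '%s\n' "$SAMPLE_ERRORS" | missing_vendor_dirs
```

After the final restart, include_state /etc/apache2/conf.d/modsec2.conf should print "active"; "commented" means the workaround was left in place and the ModSecurity configuration is still not being loaded.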