Problem with ModSecurity Vendors
Hello,
This error shows in ModSecurity when I enable or delete a vendor:
Error: The system experienced the following error when it attempted to remove the vendor COMODO ModSecurity LiteSpeed Rule Set: API failure: The system could not validate the new Apache configuration because httpd exited with a nonzero value. Apache produced the following error: httpd_ls_bak: Syntax error on line 259 of /etc/apache2/conf/httpd.conf: Syntax error on line 32 of /etc/apache2/conf.d/modsec2.conf: Syntax error on line 27 of /etc/apache2/conf.d/modsec/modsec2.cpanel.conf: Could not open configuration file /etc/apache2/conf.d/modsec_vendor_configs/configserver/00_configserver.conf: No such file or directory
And this error shows when I add a new vendor:
Error: API failure: The system could not download the file "https://waf.comodo.com/doc/meta_comodo_litespeed.yaml" curl: (28) Resolving timed out after 1549399935847 milliseconds
How to solve this problem? Thanks.
Hello @Motamedi, it would seem you have the 3rd party Comodo WAF ruleset installed on the server, which is ultimately causing issues. I'd suggest removing the 3rd party plugin and then trying to rebuild and restart Apache. In other instances we've seen removing the LiteSpeed/Comodo related entries in the following file resolve the issue as well: /etc/apache2/conf.d/modsec/modsec2.cpanel.conf
Hello @Motamedi, first I would attempt to disable/remove the plugin while the issue is occurring: log in to WHM>>Security Center>>ModSecurity Vendors and disable or delete the Comodo vendor there. Then let us know if the issue persists. Thanks!
I deleted the Comodo vendor, but I cannot add it again. This error shows when I add the vendor:
Error: API failure: The system could not download the file "Free ModSecurity Rules from Comodo: curl: (28) Resolving timed out after 1549363132798 milliseconds
How to solve the problem? Can I add it again? Thanks.
Hello, First I'd ensure that you can restart apache successfully. Secondly, the error you're getting would suggest a connection issue with Comodo WAF and until that is resolved you won't be able to utilize their ruleset. To troubleshoot that you'd need to contact them directly.
Unfortunately, after a few days, my problem was not resolved. I entered this command in SSH and it shows this error:
-bash-4.2# /usr/local/cpanel/scripts/modsec_vendor add https://waf.comodo.com/doc/meta_comodo_litespeed.yaml
warn [modsec_vendor] The system could not add the vendor: The system could not validate the new Apache configuration because httpd exited with a nonzero value. Apache produced the following error: httpd_ls_bak: Syntax error on line 259 of /etc/apache2/conf/httpd.conf: Syntax error on line 32 of /etc/apache2/conf.d/modsec2.conf: Syntax error on line 32 of /etc/apache2/conf.d/modsec/modsec2.cpanel.conf: Could not open configuration file /etc/apache2/conf.d/modsec_vendor_configs/comodo_litespeed/05_Global_Exceptions.conf: No such file or directory
info [modsec_vendor] Restored modsec_cpanel_conf_datastore backup
warn [modsec_vendor] The system could not uninstall the vendor: The system could not validate the new Apache configuration because httpd exited with a nonzero value. Apache produced the following error: httpd_ls_bak: Syntax error on line 259 of /etc/apache2/conf/httpd.conf: Syntax error on line 32 of /etc/apache2/conf.d/modsec2.conf: Syntax error on line 27 of /etc/apache2/conf.d/modsec/modsec2.cpanel.conf: Could not open configuration file /etc/apache2/conf.d/modsec_vendor_configs/configserver/00_configserver.conf: No such file or directory
warn [modsec_vendor] The system failed to add the vendor from the URL "Free ModSecurity Rules from Comodo: The system could not validate the new Apache configuration because httpd exited with a nonzero value. Apache produced the following error: httpd_ls_bak: Syntax error on line 259 of /etc/apache2/conf/httpd.conf: Syntax error on line 32 of /etc/apache2/conf.d/modsec2.conf: Syntax error on line 32 of /etc/apache2/conf.d/modsec/modsec2.cpanel.conf: Could not open configuration file /etc/apache2/conf.d/modsec_vendor_configs/comodo_litespeed/05_Global_Exceptions.conf: No such file or directory
-bash-4.2#
How to solve the problem? Thanks.
Are these docs of any use to you? litespeedtech.com/support/wiki/doku.php/litespeed_wiki:waf:comodo
Reading the warnings you got when you tried to add the vendor meta_comodo_litespeed.yaml, it appears you have two vendor rulesets partially deleted. It seems the first issue happened with the cxs rule, where the .conf file was deleted but the Include to it was not deleted. Secondary to this, a litespeed .conf was deleted but the Include to it was not.
When you add/remove a modsec vendor or enable/disable a modsec ruleset, Apache's /etc/apache2/conf/httpd.conf is rebuilt using the newly edited modsec files. In your case this rebuild process is failing because of the Includes to missing files in /etc/apache2/conf.d/modsec/modsec2.cpanel.conf
To test the rebuild process, run the command (do it now so you can compare the output later)...
/scripts/rebuildhttpdconf
It should produce errors similar to the ones you posted earlier.
Now you need to edit /etc/apache2/conf.d/modsec/modsec2.cpanel.conf
If you do not know how to open, edit and save files on the command line, then the ConfigServer ModSecurity Control plugin can provide a GUI to edit this file.
You need to remove all lines in that file which have an Include to a .conf file. Then save the file. This should fix the missing file errors and allow httpd.conf to rebuild.
Run /scripts/rebuildhttpdconf to see if you now have success. If you have success, I would now restart Apache...
/usr/local/cpanel/scripts/restartsrv_httpd
If you have success with restarting Apache, move on to the WHM >> Security Center >> ModSecurity Vendors >> Manage Vendors interface.
Delete the vendor ConfigServer
Delete the vendor Comodo
If success move on to add
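The check described in the post above, as an added example (not part of the thread and not cPanel's own tooling): two POSIX shell functions that list only the Include lines whose target file is missing, and write a copy of the file with just those lines commented out instead of removing every Include. It assumes absolute paths without spaces, as in the errors quoted in this thread, and skips wildcard patterns; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: find Include directives whose target file no longer exists.
# Assumes absolute paths without spaces, optionally double-quoted.

# find_dangling_includes CONF
# Prints "LINE:PATH" per dangling Include. Returns 0 if none, 1 if any,
# 2 if CONF cannot be read.
find_dangling_includes() {
    f=$1
    [ -r "$f" ] || { echo "cannot read: $f" >&2; return 2; }
    # awk emits "lineno path" for each uncommented Include directive.
    hits=$(awk 'tolower($1) == "include" && NF >= 2 {
                    p = $2; gsub(/^"|"$/, "", p); print NR, p
                }' "$f" |
        while read -r n path; do
            # Wildcard patterns are not evaluated here; skip them.
            case $path in *[*?]*) continue ;; esac
            [ -e "$path" ] || printf '%s:%s\n' "$n" "$path"
        done)
    [ -n "$hits" ] || return 0
    printf '%s\n' "$hits"
    return 1
}

# comment_out_dangling CONF OUT
# Writes a copy of CONF to OUT with each dangling Include commented out.
# CONF itself is left untouched so the two files can be diffed.
comment_out_dangling() {
    conf=$1
    out=$2
    lines=$(find_dangling_includes "$conf" | cut -d: -f1 | tr '\n' ' ')
    awk -v bad=" $lines" '{
        if (index(bad, " " NR " ")) print "# missing target: " $0
        else print
    }' "$conf" > "$out"
}

# Stand-alone use: sh script.sh /etc/apache2/conf.d/modsec/modsec2.cpanel.conf
if [ "$#" -ge 1 ]; then
    find_dangling_includes "$1"
fi
```

Diff the copy against the original before swapping it in, then run /scripts/rebuildhttpdconf as the post describes.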
Fixed after deleting the file /var/cpanel/modsec_cpanel_conf_datastore
Dear fuzzylogic, thank you very much for the detailed reply. I simply updated WHM and cPanel on CentOS 7.9. We don't use any customization and no unique mods, no unique custom vendors WAFs, absolutely nothing like this, just out of the box cPanel. After the update we lost the httpd service. Thanks to you, I was able to edit /etc/apache2/conf.d/modsec/modsec2.cpanel.conf and delete .conf files for any mods that are included that were never on this server, and httpd is now running. I am baffled how cPanel could not get their sh*t together and have that fixed as part of their procedures, I am certain this affects a lot of people and nobody does any update. Once again, thank you very much.
@ipsonuser - most of the data in this thread is over two years old and related to non-standard rulesets. If you're seeing problems with the default OWASP rules on the server after an update, it would be best to create a ticket with our team so we can look into that, as the issues from two years ago presented here are almost certainly not related.
Thanks.