ModSecurity Problem
After recomplie apache with easyapache, the apache service don't go up. We tried to restart via it command line and we get the following error error:
root@3 [~]# service httpd restart
[Mon Jun 30 20:45:24.426540 2014] [so:warn] [pid 10213] AH01574: module reqtimeout_module is already loaded, skipping
AH00526: Syntax error on line 37 of /usr/local/apache/conf/modsec2.conf:
ModSecurity: No action id present within the rule
We recomplie apache 2 more times but the error persist. Then open the modsec2.conf and remove these line to start up the apache:
I can't find which line cause the problem or what happen. To put the server online again we remove those lines and save the file. Then, we revert the change after apache go up. If we restart apache whit those line we will get the error again. Thanks for any advice!
SecAuditLog logs/modsec_audit.log
SecDebugLog logs/modsec_debug_log
SecDebugLogLevel 0
SecDefaultAction "phase:2,deny,log,status:406"
SecRule MULTIPART_STRICT_ERROR "!@eq 0" \
"phase:2,t:none,log,deny,status:44,msg:'Multipart request body \
failed strict validation: \
PE %{REQBODY_PROCESSOR_ERROR}, \
BQ %{MULTIPART_BOUNDARY_QUOTED}, \
BW %{MULTIPART_BOUNDARY_WHITESPACE}, \
DB %{MULTIPART_DATA_BEFORE}, \
DA %{MULTIPART_DATA_AFTER}, \
HF %{MULTIPART_HEADER_FOLDING}, \
LF %{MULTIPART_LF_LINE}, \
SM %{MULTIPART_MISSING_SEMICOLON}, \
IQ %{MULTIPART_INVALID_QUOTING}, \
IP %{MULTIPART_INVALID_PART}, \
IH %{MULTIPART_INVALID_HEADER_FOLDING}, \
FL %{MULTIPART_FILE_LIMIT_EXCEEDED}'"
SecRule REMOTE_ADDR "^127.0.0.1$" nolog,allow,id:1234123455 <----- Line 37
Include "/usr/local/apache/conf/modsec2.user.conf"
I can't find which line cause the problem or what happen. To put the server online again we remove those lines and save the file. Then, we revert the change after apache go up. If we restart apache whit those line we will get the error again. Thanks for any advice!
-
Hello :) To update, per a support ticket, the primary issue here was the following error output: AH01574: module reqtimeout_module is already loaded, skipping
The entry for that module was found and removed in:/usr/local/apache/conf/includes/pre_main_global.conf
Apache now starts successfully. Thank you.0 -
Fixed!! Thanks 0
Please sign in to leave a comment.
Comments
2 comments