Syntax error modsec2.conf
I went to restart HTTP Server (Apache) the other day, and it crashed with an error, and wouldn't restart from there. I had to go back to the data centre to fix it, because everything was down. They said they fixed something in the httpd configuration file and it restarted fine, and that I was clear to restart in future.
I just went to add POODLE support to Apache config, went to save it and got this error, which appears to be exactly the same as the error I had the other day. I'll paste below.
Now I'm too scared to try and restart again in case it crashes like last time, and I can't keep going back to the data centre to fix these issues. Can anyone see the error below? It's all just gibberish to me. Lines 23 and 25 look closed to me (assuming " " represents closed)
Sorry, httpd.conf failed to rebuild with your changes to the includes. Please correct this issue.
The failure is shown below:
[2015-12-01 22:04:13 +1300] info [rebuildhttpdconf] Missing owner for domain HIDDEN, force lookup to root
[2015-12-01 22:04:16 +1300] info [rebuildhttpdconf] Missing owner for domain HIDDEN, force lookup to root
Initial configuration generation failed with the following message:
Configuration problem detected on line 44 of file /usr/local/apache/conf/httpd.conf.work.yQH21rx4KEsdurVT: : Syntax error on line 25 of /usr/local/apache/conf/modsec2.conf: Syntax error on line 23 of /usr/local/apache/conf/modsec2.user.conf: /usr/local/apache/conf/modsec2.user.conf:23: was not closed.
--- /usr/local/apache/conf/httpd.conf.work.yQH21rx4KEsdurVT ---
38
39
40Include "/usr/local/apache/conf/modhostinglimits.conf"
41Include "/usr/local/apache/conf/php.conf"
42Include "/usr/local/apache/conf/mod_bandwidth.conf"
43Include "/usr/local/apache/conf/includes/errordocument.conf"
44 ===> Include "/usr/local/apache/conf/modsec2.conf" <===
45Include "/usr/local/apache/conf/includes/account_suspensions.conf"
46
47
48ErrorLog "logs/error_log"
49DefaultType text/plain
50ScriptAliasMatch ^/?controlpanel/?$ /usr/local/cpanel/cgi-sys/redirect.cgi
--- /usr/local/apache/conf/httpd.conf.work.yQH21rx4KEsdurVT ---
Rebuilding configuration without any local modifications.
Failed to generate a syntactically correct Apache configuration.
Bad configuration file located at /usr/local/apache/conf/httpd.conf.work.yQH21rx4KEsdurVT
Error:
Configuration problem detected on line 44 of file /usr/local/apache/conf/httpd.conf.work.yQH21rx4KEsdurVT: : Syntax error on line 25 of /usr/local/apache/conf/modsec2.conf: Syntax error on line 23 of /usr/local/apache/conf/modsec2.user.conf: /usr/local/apache/conf/modsec2.user.conf:23: was not closed.
--- /usr/local/apache/conf/httpd.conf.work.yQH21rx4KEsdurVT ---
38
39
40Include "/usr/local/apache/conf/modhostinglimits.conf"
41Include "/usr/local/apache/conf/php.conf"
42Include "/usr/local/apache/conf/mod_bandwidth.conf"
43Include "/usr/local/apache/conf/includes/errordocument.conf"
44 ===> Include "/usr/local/apache/conf/modsec2.conf" <===
45Include "/usr/local/apache/conf/includes/account_suspensions.conf"
46
47
48ErrorLog "logs/error_log"
49DefaultType text/plain
50ScriptAliasMatch ^/?controlpanel/?$ /usr/local/cpanel/cgi-sys/redirect.cgi
--- /usr/local/apache/conf/httpd.conf.work.yQH21rx4KEsdurVT ---
Line 44 points to modsec2.conf: Include "/usr/local/apache/conf/modsec2.conf"
The actual file in question, modsec2.conf, has all this:
LoadFile /opt/xml2/lib/libxml2.so
# LoadFile /opt/lua/lib/liblua.so
LoadModule security2_module modules/mod_security2.so
# See ModSecurity: Open Source Web Application Firewall
# "Add the rules that will do exactly the same as the directives"
# SecFilterCheckURLEncoding On
# SecFilterForceByteRange 0 255
SecAuditLogStorageDir /usr/local/apache/logs/modsec_audit
SecAuditLogType Concurrent
SecAuditLogStorageDir /usr/local/apache/logs/modsec_audit
SecAuditLogType Concurrent
SecAuditLog logs/modsec_audit.log
SecDebugLog logs/modsec_debug_log
SecDebugLogLevel 0
SecDefaultAction "phase:2,deny,log,status:406"
SecRule MULTIPART_STRICT_ERROR "!@eq 0" "phase:2,t:none,log,deny,status:44,msg:'Multipart request body failed strict validation: PE %{REQBODY_PROCESSOR_ERROR}, BQ %{MULTIPART_BOUNDARY_QUOTED}, BW %{MULTIPART_BOUNDARY_WHITESPACE}, DB %{MULTIPART_DATA_BEFORE}, DA %{MULTIPART_DATA_AFTER}, HF %{MULTIPART_HEADER_FOLDING}, LF %{MULTIPART_LF_LINE}, SM %{MULTIPART_MISSING_SEMICOLON}, IQ %{MULTIPART_INVALID_QUOTING}, IP %{MULTIPART_INVALID_PART}, IH %{MULTIPART_INVALID_HEADER_FOLDING}, FL %{MULTIPART_FILE_LIMIT_EXCEEDED}',id:1234123456"
SecRule REMOTE_ADDR "^127.0.0.1$" nolog,allow,id:1234123455
Include "/usr/local/apache/conf/modsec2.user.conf"
Include "/usr/local/apache/conf/modsec2.cpanel.conf"
Thanks - Removed -
-
Hello :) Are you adding custom entries to /usr/local/apache/conf/modsec2.user.conf or are you obtaining your custom rules from a specific application or third-party ruleset? The error message appears to stem from line 23 in /usr/local/apache/conf/modsec2.user.conf. Thank you. 0 -
Oh if that's line 23, then yes, /usr/local/apache/conf/modsec2.user.conf had a custom entry that was commented out, but it must not have been done properly so I just removed all lines from that file and now it's fine and dandy, restarted without issue :) Thanks 0 -
I am happy to see the issue is now resolved. Thank you for updating us with the outcome. 0
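Added example, not part of the original thread or of cPanel's tooling: the "was not closed" error at modsec2.user.conf:23 is what Apache reports when a container directive is opened but never closed, which a half-commented block can leave behind. The script below scans one include file for that condition before a restart; the function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Report Apache container directives (<IfModule ...>, <LocationMatch ...>, ...)
# that are opened but never closed in a single config file.
# Prints "file:line: <Name> was not closed" and returns 1 if any are found.
check_unclosed() {
    awk '
        /^[ \t]*#/ { next }                  # full-line comments are skipped
        /^[ \t]*<\// {                       # closing tag: </Name>
            name = $0
            sub(/^[ \t]*<\//, "", name); sub(/>.*/, "", name)
            if (depth > 0 && tolower(stack[depth]) == tolower(name)) depth--
            else { printf "%s:%d: </%s> without matching open\n", FILENAME, FNR, name; bad = 1 }
            next
        }
        /^[ \t]*</ {                         # opening tag: <Name args>
            name = $0
            sub(/^[ \t]*</, "", name); sub(/[ \t>].*/, "", name)
            depth++; stack[depth] = name; line[depth] = FNR
        }
        END {
            for (i = 1; i <= depth; i++) {
                printf "%s:%d: <%s> was not closed\n", FILENAME, line[i], stack[i]
                bad = 1
            }
            exit bad + 0
        }
    ' "$1"
}

# Constructed sample: a custom entry where the body and the closing tag were
# commented out but the opening tag was left active.
write_sample() {
    cat <<EOF
# custom rules (constructed sample, not the poster's file)
<IfModule mod_security2.c>
#    SecRuleEngine On
# </IfModule>
EOF
}

sample=$(mktemp)
write_sample > "$sample"
check_unclosed "$sample" || echo "do not restart: fix $sample first"
rm -f "$sample"
```

The authoritative check is Apache's own `apachectl configtest` (or `httpd -t`), which parses the full configuration, includes and all, without restarting the running server.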