/var/cpanel/secdatadir/ip.pag file massive
Does anyone know why the file /var/cpanel/secdatadir/ip.pag is constantly growing to huge sizes?
I can rm /var/cpanel/secdatadir/ip.pag and within a day it's back up to 8GB and growing.
-
Hello, This relates to the following bug with ModSecurity: IP persistence storage seems to not clean up " Issue #574 " SpiderLabs/ModSecurity " GitHub Case EA-4092 is open to determine how to prevent this issue from happening. I'll update this thread with the more information on the status of this case as it becomes available. In the meantime, the temporary workaround is to move the file out of the way and restart Apache. Thank you. 0 -
In the meantime, the temporary workaround is to move the file out of the way and restart Apache.
Thank you cPanelMichael. I'm not sure I follow your exact meaning when you say the temporary workaround is to "move the file out of the way". Are you talking about the ip.pag file at /var/cpanel/secdatadir/ip.pag ? If so, I have been using rm /var/cpanel/secdatadir/ip.pag to delete it manually every so often but it just comes back.0 -
Yes, I am referring to the /var/cpanel/secdatadir/ip.pag file. Deleting that file is advised as a temporary workaround, as case EA-4092 should address the issue with a permanent solution. Thank you. 0 -
Hello, This relates to the following bug with ModSecurity: IP persistence storage seems to not clean up " Issue #574 " SpiderLabs/ModSecurity " GitHub Case EA-4092 is open to determine how to prevent this issue from happening. I'll update this thread with the more information on the status of this case as it becomes available. In the meantime, the temporary workaround is to move the file out of the way and restart Apache. Thank you.
Thank you cPanelMichael. Definitely holding out hope that there's a solution eventually, as the file grows to surprisingly large sizes and the high volume of "collections_remove_stale: Failed deleting collection" log instances is a bit unnerving.0 -
Hello @Metro2, cPanel & WHM provides the ModSecurity" SDBM utility in EasyApache 4 to purge expired entries from the /var/cpanel/secdatadir/ip.pag cache file. Instructions on how to install this utility are documented at: ModSecurity SDBM Utility - EasyApache 4 - cPanel Documentation Thanks! 0 -
Hi cPanelMichael, Thank you very much for coming back to this and posting that info! Much appreciated! Now if only I weren't so gun-shy to switch to EA4. I'm running CloudLinux 6.7 and a couple months ago attempted the switch from WHM's EA3 to CL's EA4 instructions and to put it short - things did not go well, so I reverted back to EA3. When I brought the issues here to cPanel support I was told "well you're using CloudLinux's EA4 now" and when I brought the issues to CL support they said "it's still cPanel's EA4" and so rather than let my ticket queue fill up with customers having problems, I went back to EA3 as quick as I could to restore order & operation. (I'm not the only one frustrated with the cPanel/CloudLinux EasyApache relationship if you read the CL boards at all, btw). But again, thank you! This information will come in very handy someday when I have the guts to attempt converting WHM EA3 to CL EA4 once more. 0 -
Hello @Metro2, I'm sorry to hear you had a bad experience on your initial attempt at converting to EasyApache 4. Feel free to open a new thread when you're ready to consider switching to EasyApache 4 again. We can go through any concerns you have one by one, and let you know if those issues have since been addressed. We pushed out several changes with EasyApache 4 coinciding with cPanel version 60 to address issues with EasyApache 4 and CloudLinux. Thanks! 0 -
Hello @prakashnplink, Did you install the utility on the server first by using the "yum install ea-modsec-sdbm-util" command? Have you tried running it while logged in as "root" instead of with the "sudo" command? Thank you. 0 -
Well, it is already installed in server and yes I am running it as root user. 0 -
Could you open a support ticket using the link in my signature so we can take a closer look? Thank you. 0 -
Hello Michael, I have the same problem. Suddenly /var/cpanel/secdatadir/ip.pag started to get bigger and bigger. After deletion it is 11GB in size after a minute a two. Then, a few days later it is 30GB. I'm using EA 3. Is there any workaround to fix that? I haven't found any. Rotate -var-cpanel-secdatadir-ip.pag maybe this will help, but I'm failed to understand where is the setting. Thank you 0 -
I'm using EA 3
Hi, Is there anything in-particular keeping you from migrating to EasyApache 4? We recently posted a thread on the EA3 deprecation schedule at: EasyApache 3: It's been a long road, but it will be time to say goodbye soon. Thank you.0 -
Hi, Is there anything in-particular keeping you from migrating to EasyApache 4? We recently posted a thread on the EA3 deprecation schedule at: EasyApache 3: It's been a long road, but it will be time to say goodbye soon. Thank you.
I'm afraid that something will go wrong during update:oops: And I have a lot of customers on the server...0 -
I'm afraid that something will go wrong during update
Feel free to open a support ticket using the link in my signature if you'd like us to complete the EA4 migration for you. Thank you.0 -
Hello, I have the same problem, large size (35 Gb) /var/cpanel/secdatadir/ip.pag There is problem to update to EA4, because http: //nginxcp.com was installed on this server. Which is no longer supported. But we are still afraid to turn it off, in order to avoid unexpected problems for users and wait to feature "Stand-alone nginx supported as an alternative to Apache". Is it possible to clean the file ip.pag in another way? 0 -
I have the same problem, large size (35 Gb) /var/cpanel/secdatadir/ip.pag There is problem to update to EA4, because http: //nginxcp.com was installed on this server. Which is no longer supported. But we are still afraid to turn it off, in order to avoid unexpected problems for users and wait to feature "Stand-alone nginx supported as an alternative to Apache". Is it possible to clean the file ip.pag in another way?
Hello, With EasyApache 3, the workaround is to remove the file and restart Apache. Thank you.0
Please sign in to leave a comment.
Comments
17 comments