Apache error

needsomehelp · April 5, 2015, 11:41am

Hi anyone help Apache is not running on my server error below

When I run the configuration test for Apache I get the following:

service httpd configtest

AH00526: Syntax error on line 31 of /var/cpanel/cwaf/rules/cwaf_01.conf:
ModSecurity: Found another rule with the same id

MrSharif · April 5, 2015, 2:58pm

yeah have a error
how to fix this error?

needsomehelp · April 5, 2015, 4:27pm

I found this below which sorted ours all working now. and took auto update off so it wont happen again.

rm -rf /var/cpanel/cwaf/tmp/rules/*

/var/cpanel/cwaf/scripts/updater.pl

MrSharif · April 6, 2015, 7:04am

ModSecurity save modsec2.conf
Rebuilding and restarting Apache:
Initial configuration generation failed with the following message:

Configuration problem detected on line 31 of file /usr/local/apache/conf/modsec_vendor_configs/comodo-apache/cwaf_01.conf: ModSecurity: Found another rule with the same id

--- /usr/local/apache/conf/modsec_vendor_configs/comodo-apache/cwaf_01.conf ---
25SecAction \
26	"id:210000,\
27	phase:1,\
28	pass,\
29	setvar:tx.points_limit4=5, setvar:tx.points_limit3=4, setvar:tx.points_limit2=3, setvar:tx.points_limit1=2,\
30	nolog,\
31 ===> 	t:none"

<===
32
33
34SecAction
35 "id:210010,
36 phase:1,
37 pass,
— /usr/local/apache/conf/modsec_vendor_configs/comodo-apache/cwaf_01.conf —

Rebuilding configuration without any local modifications.

Failed to generate a syntactically correct Apache configuration.
Bad configuration file located at /usr/local/apache/conf/httpd.conf.work.qV0P_rYXcQ7iGM6Y
Error:
Configuration problem detected on line 31 of file /usr/local/apache/conf/modsec_vendor_configs/comodo-apache/cwaf_01.conf: ModSecurity: Found another rule with the same id

--- /usr/local/apache/conf/modsec_vendor_configs/comodo-apache/cwaf_01.conf ---
25SecAction \
26	"id:210000,\
27	phase:1,\
28	pass,\
29	setvar:tx.points_limit4=5, setvar:tx.points_limit3=4, setvar:tx.points_limit2=3, setvar:tx.points_limit1=2,\
30	nolog,\
31 ===> 	t:none"

<===
32
33
34SecAction
35 "id:210010,
36 phase:1,
37 pass,
— /usr/local/apache/conf/modsec_vendor_configs/comodo-apache/cwaf_01.conf —

AH00526: Syntax error on line 31 of /usr/local/apache/conf/modsec_vendor_configs/comodo-apache/cwaf_01.conf:
ModSecurity: Found another rule with the same id

oleg.tsygany · April 6, 2015, 7:56am

Hi

Please try to update vendor rules to latest version.
Try this from command console:

# /usr/local/cpanel/scripts/modsec_vendor update --auto

webjive · April 6, 2015, 3:53pm

I’m having these exact same issues… Just tried this and this msg was returned.

root@server3 [/var/cpanel/cwaf/rules]# /usr/local/cpanel/scripts/modsec_vendor update --auto
info [modsec_vendor] Updates are in progress for all of the installed ModSecurity vendors with automatic updates enabled.

webjive · April 6, 2015, 4:00pm

Just tried to edit a client rule exclude after CWAF shows ruleset as 1.27 and now getting this error…

ERROR!
can not restart httpd, delete domain exclude list

MrSharif · April 6, 2015, 8:47pm

i add mod sec include comodo waf

LoadFile /opt/xml2/lib/libxml2.so
# LoadFile /opt/lua/lib/liblua.so
LoadModule security2_module  modules/mod_security2.so
<IfModule mod_security2.c>
# See http://www.modsecurity.org/documentation/ModSecurity-Migration-Matrix.pdf 
#  "Add the rules that will do exactly the same as the directives"
# SecFilterCheckURLEncoding On 
# SecFilterForceByteRange 0 255
<IfModule mod_ruid2.c>
    SecAuditLogStorageDir /usr/local/apache/logs/modsec_audit
    SecAuditLogType Concurrent
</IfModule>
<IfModule itk.c>
    SecAuditLogStorageDir /usr/local/apache/logs/modsec_audit
    SecAuditLogType Concurrent
</IfModule>
SecAuditLog logs/modsec_audit.log
SecDebugLog logs/modsec_debug_log
SecDebugLogLevel 0
SecDefaultAction "phase:2,deny,log,status:406"
Include "/usr/local/apache/conf/modsec2.user.conf"
Include "/usr/local/apache/conf/modsec2.cpanel.conf"
Include "/var/cpanel/cwaf/etc/cwaf.conf"
</IfModule>

after restart httpd have a error

root [/]# service httpd restart
AH00526: Syntax error on line 31 of /var/cpanel/cwaf/rules/cwaf_01.conf:
ModSecurity: Found another rule with the same id
root [/]# _

oleg.tsygany · April 7, 2015, 8:11am

Hi MrSharif

Seems BOTH Vendor config and Plugin config activated on your server.
Since both provide the same rule set, ‘Found another rule with the same id’ error appear.
To avoid this error choose between Vendor and Plugin configuration and comment (with # ) either
Include "/usr/local/apache/conf/modsec2.user.conf" Include "/usr/local/apache/conf/modsec2.cpanel.conf"
or
Include "/var/cpanel/cwaf/etc/cwaf.conf"
lines in mod_security configuration.

Regards, Oleg

oleg.tsygany · April 7, 2015, 8:27am

Hi

Please mail me PM with more details, so I can provide close support.

Regards, Oleg