Hello ,
I am getting the following error when trying to install rules for WAF. how can I fix it ?
05/05/14 04:12:28 updater[27101] debug is ON, level = 10
05/05/14 04:12:28 updater[27101] create pid file
05/05/14 04:12:28 updater[27101] try to get data from CWAF server
05/05/14 04:12:28 updater[27101] lwp_params: timeout=60 sec, save_to_file flag: 0
05/05/14 04:12:29 updater[27101] normalize content
05/05/14 04:12:29 updater[27101] parse JSON from CWAF server
05/05/14 04:12:29 updater[27101] got answer from CWAF (OK)
05/05/14 04:12:29 updater[27101] save response
05/05/14 04:12:29 updater[27101] lwp_params: timeout=60 sec, save_to_file flag: 1
05/05/14 04:12:29 updater[27101] file has been downloaded successfully: cwaf_rules-1.06.tgz
05/05/14 04:12:29 updater[27101] /var/cpanel/cwaf/tmp/rules.tgz original md5sum - 8122f272045cc9a25c63ad15d599f2dd
05/05/14 04:12:29 updater[27101] /var/cpanel/cwaf/tmp/rules.tgz local md5sum - 8122f272045cc9a25c63ad15d599f2dd
05/05/14 04:12:29 updater[27101] file successfully saved (/var/cpanel/cwaf/tmp/rules.tgz)
05/05/14 04:12:29 updater[27101] make backup for previous rules version
05/05/14 04:12:29 updater[27101] workdir is /var/cpanel/cwaf/tmp/rules/workdir1
05/05/14 04:12:29 updater[27101] workdir is /var/cpanel/cwaf/tmp/rules/workdir1
05/05/14 04:12:29 updater[27101] prepare to remove directory /var/cpanel/cwaf/tmp/rules/workdir2
05/05/14 04:12:29 updater[27101] remove directory /var/cpanel/cwaf/tmp/rules/workdir2
05/05/14 04:12:30 updater[27101] set work directory (/var/cpanel/cwaf/tmp/rules/workdir2)
05/05/14 04:12:30 updater[27101] extract rules
05/05/14 04:12:30 updater[27101] ERROR: wrong syntax of apache config file
05/05/14 04:12:30 updater[27101] cpanel info: Configuration problem detected on line 58 of file /var/cpanel/cwaf/rules/cwaf_05.conf: Error creating rule: Error compiling pattern (offset 0): regular expression too large
--- /var/cpanel/cwaf/rules/cwaf_05.conf ---
52SecRule REQUEST_COOKIES "@rx a:[0-9]{4,}:{(.*R:.*){4000,}" \
53 "id:220000,\
54 msg:'COMODO WAF: found CVE 2007-1286 attack',\
55 phase:1,\
56 deny,\
57 status:504,\
58 ===> t:none"
<===
59SecRule REQUEST_LINE “@contains /includes/header.php”
60 "chain,
61 id:220010,
62 msg:‘COMODO WAF: found CVE-2008-2898 attack’,
63 phase:2,
64 deny,
— /var/cpanel/cwaf/rules/cwaf_05.conf —
05/05/14 04:12:30 updater[27101] apache httpd restart failed (try 1)
05/05/14 04:12:30 updater[27101] workdir is /var/cpanel/cwaf/tmp/rules/workdir2
05/05/14 04:12:30 updater[27101] set work directory (/var/cpanel/cwaf/tmp/rules/workdir1)
05/05/14 04:12:30 updater[27101] update failed, restore previous rules version
05/05/14 04:12:40 updater[27101] successful apache httpd restart
05/05/14 04:12:40 updater[27101] update successful
05/05/14 04:12:40 updater[27101] update process finished!