All of a sudden, after a cPanel update, all sites on our server stopped working. HTTP would not start because:
==========
[~]# service httpd restart
Syntax error on line 31 of /var/cpanel/cwaf/rules/cwaf_01.conf:
ModSecurity: Found another rule with the same id
I deleted that file for the moment and got similar errors for subsequent cwaf conf files. I finally uninstalled and reinstalled CWAF, and things look normal now.
However, it’s very concerning that a component like this can take down all of the sites on a server. How can we keep this from happening again? Do we need to add Comodo as a vendor and stop using the plugin? Or is there another solution?
“Syntax error on line 31 of /var/cpanel/cwaf/rules/cwaf_01.conf:”
We had the same problem. We found that reverting to the previous rule set (1.25) fixed the error. So the current rule set has the same rule IDs causing the error.
Did you use the uninstall script to remove the plugin before reinstalling it?
# cd /var/cpanel/cwaf/scripts && ./uninstall_cwaf.sh
However, there is a way to clear the rules without reinstalling the plugin.
Since the plugin has a legacy incremental update procedure (which will be totally removed in the next release of the plugin), the content of the previous rules update is added to the content of the new update.
And this can lead to broken rules again.
Please try the following commands:
# rm -rf /var/cpanel/cwaf/rules/* - remove rules content
# /var/cpanel/cwaf/scripts/updater.pl - update rules to latest version
I had uninstalled and reinstalled the plugin. Then, to be safe, I had run the other set of commands to update the rules to the latest version. When it happened again, I noticed that the plugin displayed “0” (as in zero) as the current rules version. So something got lost in the shuffle. Hopefully it won’t happen again.
If you like, we can take a closer look at your server to be sure all is OK.
If you are interested, please submit a ticket to support so we can ask for sensitive info or even SSH access.
Submit a ticket - Powered by Kayako Help Desk Software (Department ‘WAF Support’)
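The "Found another rule with the same id" failure discussed in this thread can be caught before httpd is restarted. The script below is an added example, not part of the thread or of the CWAF plugin: it scans the `*.conf` files in a rules directory for ModSecurity `id:` actions defined more than once. The function names are hypothetical, and the sample files and rule ids are constructed.

```bash
#!/usr/bin/env bash
# Added example: report ModSecurity rule ids defined more than once in DIR/*.conf.
# Prints "<id> <file>:<line>" per definition; returns 1 if any id is duplicated.
find_duplicate_rule_ids() {
    local dir="$1"
    set -- "$dir"/*.conf
    [ -e "$1" ] || return 0          # no rule files: nothing to report
    # re matches an id action such as  "id:210000  ,id:'210000'  or  id:210000
    awk -v re="(^|[\", \t])id:'?[0-9]+" '
        /^[ \t]*#/ { next }          # ignore commented-out rules
        {
            line = $0
            while (match(line, re)) {
                id = substr(line, RSTART, RLENGTH)
                sub(/^[^0-9]*/, "", id)              # keep only the digits
                seen[id] = seen[id] "\n" id " " FILENAME ":" FNR
                count[id]++
                line = substr(line, RSTART + RLENGTH)
            }
        }
        END {
            for (id in count)
                if (count[id] > 1) { dup = 1; print substr(seen[id], 2) }
            exit (dup ? 1 : 0)
        }' "$@"
}

# Constructed sample files (not real CWAF rules): id 210000 is defined twice.
make_sample_rules() {
    cat > "$1/cwaf_01.conf" <<'EOF'
# constructed sample
SecRule REQUEST_URI "@contains /a" "id:210000,phase:1,pass,nolog"
SecRule REQUEST_URI "@contains /b" \
    "id:210001,phase:1,pass,nolog"
EOF
    cat > "$1/cwaf_02.conf" <<'EOF'
SecRule REQUEST_URI "@contains /c" "id:210000,phase:1,pass,nolog"
#SecRule REQUEST_URI "@contains /d" "id:210001,phase:1,pass,nolog"
EOF
}

sample_dir=$(mktemp -d)
make_sample_rules "$sample_dir"
find_duplicate_rule_ids "$sample_dir" || echo "duplicate rule ids: fix before restarting httpd"
rm -rf "$sample_dir"
```

Pointed at /var/cpanel/cwaf/rules after a rules update, a non-zero return means the restart would fail with the error above; `httpd -t` gives the full Apache syntax check.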