Error: Cant restart Apache

Hi Folks,

I’m having the following problem with the cwaf plugin in cpanel 70:

I really dont know what is happening, because apache is restarted without problems but the plugin still said about an error.

Can you help me?

Thanks!

Regards

Current rules version 1.166 (Latest version)
CWAF plugin version 2.22 (Latest version)
Web Platform Apache
Apache version 2.4.33
Mod_security compatible yes
Mod_security loaded yes
Mod_security conf /etc/apache2/conf.d/zzzz_cwaf_security2.conf

CPANEL v70.0.43

I have the same problem! have not been able to update for a while now. Very frustrating. same exact errors

Same problem too :-\

Same here. 2 servers.

Exact same problem here - 1.66 ruleset is successfully downloaded, but update fails and reverts to 1.65 ruleset. Running CPanel v70.0.44.

Log shows:


26/05/18 23:21:35 updater[7193]  debug is ON, level = 10
26/05/18 23:21:35 updater[7193]  create pid file
26/05/18 23:21:35 updater[7193]  try to get data from CWAF server
26/05/18 23:21:35 updater[7193]  lwp_params: timeout=60 sec, save_to_file flag: 0
26/05/18 23:21:36 updater[7193]  normalize content
26/05/18 23:21:36 updater[7193]  parse JSON from CWAF server
26/05/18 23:21:36 updater[7193]  got answer from CWAF (OK)
26/05/18 23:21:36 updater[7193]  save response
26/05/18 23:21:36 updater[7193]  lwp_params: timeout=60 sec, save_to_file flag: 1
26/05/18 23:21:38 updater[7193]  file has been downloaded successfully: cwaf_rules-1.166.tgz
26/05/18 23:21:38 updater[7193]  /var/cpanel/cwaf/tmp/rules.tgz original md5sum - c0d702075e14ba0098158ad6cbe03093
26/05/18 23:21:38 updater[7193]  /var/cpanel/cwaf/tmp/rules.tgz local md5sum - c0d702075e14ba0098158ad6cbe03093
26/05/18 23:21:38 updater[7193]  file successfully saved (/var/cpanel/cwaf/tmp/rules.tgz)
26/05/18 23:21:38 updater[7193]  make backup for previous rules version
26/05/18 23:21:38 updater[7193]  prepare to remove directory /var/cpanel/cwaf/tmp/rules/workdir1
26/05/18 23:21:38 updater[7193]  remove directory /var/cpanel/cwaf/tmp/rules/workdir1
26/05/18 23:21:38 updater[7193]  set work directory (/var/cpanel/cwaf/tmp/rules/workdir1)
26/05/18 23:21:38 updater[7193]  extract rules
26/05/18 23:21:38 updater[7193]  link userdata to rules

....

26/05/18 23:21:38 updater[7193]  scheme is not changed, no transformation required
26/05/18 23:21:38 updater[7193]  updating user exclude lists with new excludes from rules
26/05/18 23:21:38 updater[7193]  Excludes: nothing to update
26/05/18 23:21:41 updater[7193]  ERROR: can't restart apache
26/05/18 23:21:41 updater[7193]  cpanel info: Apache restarted successfully.

26/05/18 23:21:41 updater[7193]  webserver restart failed (try 1)
26/05/18 23:21:41 updater[7193]  update failed, restoring previous rules version
26/05/18 23:21:41 updater[7193]  set work directory (/var/cpanel/cwaf/tmp/rules/workdir2)
26/05/18 23:21:44 updater[7193]  ERROR: can't restart apache
26/05/18 23:21:44 updater[7193]  cpanel info: Apache restarted successfully.

26/05/18 23:21:44 updater[7193]  webserver restart failed (try 2)
26/05/18 23:21:56 updater[7193]  ERROR: can't restart apache
26/05/18 23:21:56 updater[7193]  cpanel info: Apache restarted successfully.

26/05/18 23:21:56 updater[7193]  webserver restart failed (try 3)
26/05/18 23:21:56 updater[7193]  update successful
26/05/18 23:21:56 updater[7193]  update process finished

My site data:

Current rules version 1.165 Rules 1.166 is available
CWAF plugin version 2.22 (Latest version)
Web Platform Apache
Apache version 2.4.33
Mod_security compatible yes
Mod_security loaded yes
Mod_security conf /etc/apache2/conf.d/zzzz_cwaf_security2.conf

The automatic weekly rules update has now successfully implemented the new ruleset (1.166) so it looks like the problem is only with an attempt to manually update. So the problem reported above has the workaround of simply increasing frequency of checks for updates.

However, I ran into a similar problem when I attempted to disable a rule after a false positive on a particular domain.

After selecting the domain and the rule to disable, and clicking to implement the changes – I received this error message:

ERROR! can not restart httpd, delete domain exclude list

So again, the system is having difficulty detecting the httpd restart.

However – also as a simple workaround – I simply added my IP to the whitelist – and in that case, I received a message advising me to restart apache. So that might be a solution to the problems in detecting a restart – that any time the auto-restart seems to fail, the changes be retained and the user notified to restart apache. If we are the CPanel Comodo WAF interface to be performing any of the actions giving us a problem, it is only a very simple additional step to to the restart manually.

I have more then one server all having this issue, I cannot even edit / turn off rules without getting an error. It is stuck broken, the /var/log/messages show this repeating over and over

Jun 1 16:49:33 host systemd: Reloading.
Jun 1 16:49:33 host systemd: [/etc/systemd/system/ovzhostname.service:3] Unknown lvalue ‘after’ in section ‘Unit’
Jun 1 16:49:33 host systemd: [/etc/systemd/system/ovzhostname.service:4] Unknown lvalue ‘before’ in section ‘Unit’
Jun 1 16:49:33 host systemd: Configuration file /etc/systemd/system/mysql.service.d/limits.conf is marked world-inaccessible. This has no effect as configuration data is accessible via APIs without restrictions. Proceeding anyway.
Jun 1 16:49:33 host systemd: [/usr/lib/systemd/system/vzfifo.service:19] Support for option SysVStartPriority= has been removed and it is ignored
Jun 1 16:49:33 host systemd: Reloading.

Sadly it appears non of the sites I have running Comodo are functioning, I cannot disable any rules, and one site is failing because of an iframe false positive.

First time disappointed with Comodo

Hello.
We are still working on this issue.
It seems that WHM 7 has it own modsecurity ruleset with their own configs that conflict with CWAF client.
It requires additional time for analysis.
Sorry for the late reply.

Any position? The problem continues in all our services, we can not update the rules![b]

webserver restart failed[/b][b]

ERROR: can’t restart apache

cpanel info: Apache restarted successfully[/b]

Did you find a solution to this problem?

Here all services have this problem, we can not update to the latest rules, always returns the error:

[b]webserver restart failed

update successful

update process finished[/b]

Similar issue here.

This is SIGNIFICANT and means no one running WHM 7 can use your module, or at least edit rules … I have waiting patiently for weeks. IS there ANY update? I appreciate this is free, however it is broken pretty bad …

Sorry for the lack of news. Research of issue took longer than expected. The development of a new version of the CWAF plug-in continues. Also it is necessary to perform testing. We plan to release a new version in maximum 2 weeks. Sorry for the delay.
Thank you for your patience.
Regards.

Any updates?

Release of CWAF plugin v2.23 planned to Monday.

Plugin v2.23 released.

Thank you :slight_smile:

CWAF plugin v2.23 released.