Today, our servers with cpanel STABLE 11.60.0.32 stoped working because of comodo firewall.
We’ve comodo as a VENDOR, and the system don’t work anymore with comodo as a VENDOR.
We tried to install the client, but also the client didn’t work at all, and we prefer VENDOR to client.
We had to move to OWASP again, for the webservers work again.
Our systems, are working with Cloudlinux 7, Cpanel STABLE 11.60.0.32, and EasyApache 4 (new systems don’t have EasyApache 3 anymore).
UPDATE;
CPANEL talked in this post:
RELEASE 11.60.0.34 : General Availability - Recommended
We’ll find out what happened as soon as possible.
This was really very bad. So many servers DOWN, so many client client, and it wasn’t are fault.
I Know this rules are free, but i would prefer to pay a fee, but that this doesn’t happen.
How can we trust, if Comodo doesn’t do like is competitors and always pre-test is product with every new cpanel version.
Like i said, i know, it’s free, but i would prefer to pay a fee, but this don’t happen. We’ve thousands of clients mad without necessity of that, and we trusted on Comodo 
Hi xanubi
What happened exactly emotions aside ?
What caused so many servers DOWN, so many client client ?
Do you have any logs ?
Regards, Oleg
Apache produced the following error: AH00526: Syntax error on line 27 of /etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Domains.conf:
Error creating rule: Could not open phrase file “/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/bl_domains”: No such file or directory
And the command line:
/usr/local/cpanel/scripts/modsec_vendor update comodo_apache
warn [modsec_vendor] The system could not add the vendor: Cpanel::Exception::ModSecurity::VendorUpdateUnnecessary/(XID t2suxx) The update for vendor âcomodo_apacheâcomodo-apache-1108â
at /usr/local/cpanel/Cpanel/Exception/CORE.pm line 77.
Cpanel::Exception::create(“ModSecurity::VendorUpdateUnnecessary”, HASH(0x2a75f00)) called at /usr/local/cpanel/Whostmgr/ModSecurity/VendorList.pm line 285
Whostmgr::ModSecurity::VendorList::ANON(Whostmgr::ModSecurity::Vendor=HASH(0x2880c30)) called at /usr/local/cpanel/Whostmgr/ModSecurity/VendorList.pm line 197
eval {…} called at /usr/local/cpanel/Whostmgr/ModSecurity/VendorList.pm line 136
Whostmgr::ModSecurity::VendorList::add(“https://waf.comodo.com/doc/meta_comodo_apache.yaml”, CODE(0x35aef60)) called at /usr/local/cpanel/Whostmgr/ModSecurity/VendorList.pm line 288
eval {…} called at /usr/local/cpanel/Whostmgr/ModSecurity/VendorList.pm line 281
Whostmgr::ModSecurity::VendorList::update(“https://waf.comodo.com/doc/meta_comodo_apache.yaml”) called at /usr/local/cpanel/scripts/modsec_vendor line 160
eval {…} called at /usr/local/cpanel/scripts/modsec_vendor line 160
scripts::modsec_vendor::update(“comodo_apache”) called at /usr/local/cpanel/scripts/modsec_vendor line 45
scripts::modsec_vendor::run(“update”, “comodo_apache”) called at /usr/local/cpanel/scripts/modsec_vendor line 24
info [modsec_vendor] Restored modsec_cpanel_conf_datastore backup
warn [modsec_vendor] The system failed to update the vendor from the URL âhttps://waf.comodo.com/doc/meta_comodo_apache.yamlâ
Error creating rule: Could not open phrase file “/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/bl_domains”: No such file or directory
This is very strange.
I try to update vendor rules on my test host with cPanel 60.0 (build 25) and EasyApache 4 and it success.
# /usr/local/cpanel/scripts/modsec_vendor update comodo_apache
info [modsec_vendor] You have updated the vendor “COMODO ModSecurity Apache Rule Set”.
[comodo_apache] COMODO ModSecurity Apache Rule Set
archive_url https://waf.comodo.com/api/cpanel_apache_vendor
cpanel_provided 0
description COMODO ModSecurity Rules for Apache
dist_md5 b2015d6b0f3f9e941e90b29dcbabaed4
dist_sha512 7def721258f0c180e33ae34c5f4b0a157a7a968b8f30478d94a81976bd203a772884695c27d976cdc79de08ff0098a37caaeb2e091fe0208363ca4f103b03cae
enabled 1
inst_dist comodo-apache-1108
installed 1
installed_from https://waf.comodo.com/doc/meta_comodo_apache.yaml
name COMODO ModSecurity Apache Rule Set
path /etc/apache2/conf.d/modsec_vendor_configs/comodo_apache
report_url https://waf.comodo.com/api/cpanel_feedback?source=0&rule_set=1.108
supported_versions (5)
vendor_id comodo_apache
vendor_url https://waf.comodo.com
Try to re-create bl_domains file (where did it go??) and restart update
If it not help try to remove Comodo vendor and add it again.
Regards, Oleg
Installed comodo vendor on a new server CPANEL 11.60.34.
It installed correctly. When i run the update “/usr/local/cpanel/scripts/modsec_vendor update comodo_apache”
This is the result:
/usr/local/cpanel/scripts/modsec_vendor update comodo_apache
warn [modsec_vendor] The system could not add the vendor: Cpanel::Exception::Mod Security::VendorUpdateUnnecessary/(XID dtbve4) The update for vendor âcomodo_apa cheâcomodo-apache-1108â
at /usr/local/cpanel/Cpanel/Exception/CORE.pm line 77.
Cpanel::Exception::create(“ModSecurity::VendorUpdateUnnecessary”, HASH(0 xf2f9e0)) called at /usr/local/cpanel/Whostmgr/ModSecurity/VendorList.pm line 28 5
Whostmgr::ModSecurity::VendorList::ANON(Whostmgr::ModSecurity::Vendo r=HASH(0x22047e0)) called at /usr/local/cpanel/Whostmgr/ModSecurity/VendorList.p m line 197
eval {…} called at /usr/local/cpanel/Whostmgr/ModSecurity/VendorList.p m line 136
Whostmgr::ModSecurity::VendorList::add(“https://waf.comodo.com/doc/meta_ comodo_apache.yaml”, CODE(0x21464a8)) called at /usr/local/cpanel/Whostmgr/ModSe curity/VendorList.pm line 288
eval {…} called at /usr/local/cpanel/Whostmgr/ModSecurity/VendorList.p m line 281
Whostmgr::ModSecurity::VendorList::update(“https://waf.comodo.com/doc/me ta_comodo_apache.yaml”) called at /usr/local/cpanel/scripts/modsec_vendor line 1 60
eval {…} called at /usr/local/cpanel/scripts/modsec_vendor line 160
scripts::modsec_vendor::update(“comodo_apache”) called at /usr/local/cpa nel/scripts/modsec_vendor line 45
scripts::modsec_vendor::run(“update”, “comodo_apache”) called at /usr/lo cal/cpanel/scripts/modsec_vendor line 24
info [modsec_vendor] Restored modsec_cpanel_conf_datastore backup
warn [modsec_vendor] The system failed to update the vendor from the URL âhttps: //waf.comodo.com/doc/meta_comodo_apache.yamlâcomodo_apacheâcomodo-apache-1108â
This is not full error log. You have missed some characters and I can’t recognize what error message is.
I have this on my test host:
info [modsec_vendor] Restored modsec_cpanel_conf_datastore backup
warn [modsec_vendor] The system failed to update the vendor from the URL “https://waf.comodo.com/doc/meta_comodo_apache.yaml”: (XID phagvh) The update for vendor “comodo_apache” is unnecessary because you already have distribution “comodo-apache-1108” installed.
It means rules already installed and no update required.
Maybe your rules installed too. Please check content of folder ‘/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache’
Does it contain any rules?
What the output of:
Regards, Oleg
This is a new server, is not an example.
On the other servers, the error is that bl_domains is MISSING, i already said on other answer before this one:
/usr/local/cpanel/scripts/modsec_vendor update comodo_apache
warn [modsec_vendor] The system could not add the vendor: Cpanel::Exception::ModSecurity::VendorUpdateUnnecessary/(XID t2suxx) The update for vendor âcomodo_apacheâcomodo-apache-1108â
at /usr/local/cpanel/Cpanel/Exception/CORE.pm line 77.
Cpanel::Exception::create("ModSecurity::VendorUpdateUnnecessary", HASH(0x2a75f00)) called at /usr/local/cpanel/Whostmgr/ModSecurity/VendorList.pm line 285
Whostmgr::ModSecurity::VendorList::__ANON__(Whostmgr::ModSecurity::Vendor=HASH(0x2880c30)) called at /usr/local/cpanel/Whostmgr/ModSecurity/VendorList.pm line 197
eval {...} called at /usr/local/cpanel/Whostmgr/ModSecurity/VendorList.pm line 136
Whostmgr::ModSecurity::VendorList::add("https://waf.comodo.com/doc/meta_comodo_apache.yaml", CODE(0x35aef60)) called at /usr/local/cpanel/Whostmgr/ModSecurity/VendorList.pm line 288
eval {...} called at /usr/local/cpanel/Whostmgr/ModSecurity/VendorList.pm line 281
Whostmgr::ModSecurity::VendorList::update("https://waf.comodo.com/doc/meta_comodo_apache.yaml") called at /usr/local/cpanel/scripts/modsec_vendor line 160
eval {...} called at /usr/local/cpanel/scripts/modsec_vendor line 160
scripts::modsec_vendor::update("comodo_apache") called at /usr/local/cpanel/scripts/modsec_vendor line 45
scripts::modsec_vendor::run("update", "comodo_apache") called at /usr/local/cpanel/scripts/modsec_vendor line 24
info [modsec_vendor] Restored modsec_cpanel_conf_datastore backup
warn [modsec_vendor] The system failed to update the vendor from the URL âhttps://waf.comodo.com/doc/meta_comodo_apache.yamlâ
Error creating rule: Could not open phrase file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/bl_domains": No such file or directory
And yes, i tried to uninstall but it crashes and cannot uninstall because apache tries to restart and again the bl_domains is missing.
I can try to put a bl_domains file in the /etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/ , but i need a copy of the original file, and it’s a long shot, i don’t know if it works, but it’s what the error is now.
Also i don’t know why this happen in all CENTOS/CLOUDLINUX 7 servers, and not CENTOS/CLOUDLINUX 6.
Hi
I have checked our rules and they all contain bl_domains file. this is very strange…
Please try to create empty bl_domains and run update again:
# touch /etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/bl_domains
# /usr/local/cpanel/scripts/modsec_vendor update comodo_apache
I hope this help.
Regards, Oleg
It’s working again, and does the updates correctly now.
On all Cloudlinux 7 Servers, that were failing, now they’re ok.
The problem was that file bl_domain .
Glad to hear it working again!
:-TU