nginx_apache comodo waf

Pouyar69

Verified User
Joined
Feb 2, 2019
Messages
10
Hi.

is comodo compatible with nginx_apache web server?

i tried to install mod security with comodo rules:

Code:
cd /usr/local/directadmin/custombuild
./build update
./build set modsecurity yes
./build set modsecurity_ruleset comodo
./build modsecurity
./build nginx_apace

but after installation nginx cant start:

Code:
Restarting nginx.
Job for nginx.service failed because the control process exited with error code. See "systemctl status nginx.service" and "journalctl -xe" for details.
 
Hello,

While I can not answer your question, as I don't use it on my servers and server of my customers, and have no idea whether or not it's compatible, I could help you to investigate the incident.

Please let us know what you see when running:

Code:
nginx -t

and
Code:
[/FONT]systemctl status nginx.service
 
thanks Alex

nginx -t :

Code:
nginx: [emerg] "modsecurity_rules_file" directive Rules error. File: /usr/local/cwaf/rules/00_Init_Initialization.conf. Line: 15. Column: 37. SecDefaultActions can only be placed once per phase and configuration context. Phase 2 was informed already.  in /etc/nginx/nginx-modsecurity-enable.conf:2
nginx: configuration file /etc/nginx/nginx.conf test failed

and systemctl status nginx.service:

Code:
● nginx.service - The nginx HTTP and reverse proxy server
   Loaded: loaded (/etc/systemd/system/nginx.service; enabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Sun 2019-02-03 13:53:07 +0330; 13s ago
  Process: 26318 ExecStartPre=/usr/sbin/nginx -t -c /etc/nginx/nginx.conf (code=exited, status=1/FAILURE)
 Main PID: 14485 (code=exited, status=0/SUCCESS)

Feb 03 13:53:07 srv.xyz.com systemd[1]: Starting The nginx HTTP and reve....
Feb 03 13:53:07 srv.xyz.com nginx[26318]: nginx: [emerg] "modsecurity_ru...2
Feb 03 13:53:07 srv.xyz.com nginx[26318]: nginx: configuration file /etc...d
Feb 03 13:53:07 srv.xyz.com systemd[1]: nginx.service: control process e...1
Feb 03 13:53:07 srv.xyz.com systemd[1]: Failed to start The nginx HTTP a....
Feb 03 13:53:07 srv.xyz.com systemd[1]: Unit nginx.service entered faile....
Feb 03 13:53:07 srv.xyz.com systemd[1]: nginx.service failed.
Hint: Some lines were ellipsized, use -l to show in full.
 
Last edited:
Hello

I have same problem, On /etc/nginx/nginx-modsecurity-enable.conf I have :

Code:
modsecurity on;
modsecurity_rules_file /etc/nginx/nginx-modsecurity.conf;
 
The following commands should fix it:

Code:
cd /usr/local/directadmin/custombuild/
mkdir -p custom/nginx_reverse/conf/
[ -f "custom/nginx_reverse/conf/nginx-modsecurity.conf" ] || cp -p configure/nginx_reverse/conf/nginx-modsecurity.conf custom/nginx_reverse/conf/nginx-modsecurity.conf
perl -pi -e "s/^SecDefaultAction /#SecDefaultAction /" custom/nginx_reverse/conf/nginx-modsecurity.conf
./build rewrite_confs

should be executed as root on a server console.

They worked on my end with Nginx+Apache with modSecurity rules from Comodo.
 
The following commands should fix it:

Code:
cd /usr/local/directadmin/custombuild/
mkdir -p custom/nginx_reverse/conf/
[ -f "custom/nginx_reverse/conf/nginx-modsecurity.conf" ] || cp -p configure/nginx_reverse/conf/nginx-modsecurity.conf custom/nginx_reverse/conf/nginx-modsecurity.conf
perl -pi -e "s/^SecDefaultAction /#SecDefaultAction /" custom/nginx_reverse/conf/nginx-modsecurity.conf
./build rewrite_confs

should be executed as root on a server console.

They worked on my end with Nginx+Apache with modSecurity rules from Comodo.

It solved my problem. Thank you Alex.
 
same issue with Nginx, solved with modified code of above:
Code:
cd /usr/local/directadmin/custombuild/
mkdir -p custom/nginx/conf/
[ -f "custom/nginx/conf/nginx-modsecurity.conf" ] || cp -p configure/nginx/conf/nginx-modsecurity.conf custom/nginx/conf/nginx-modsecurity.conf
perl -pi -e "s/^SecDefaultAction /#SecDefaultAction /" custom/nginx/conf/nginx-modsecurity.conf
./build rewrite_confs
Will DirectAdmin fix this or should we always do this afterwards?
 
The following commands should fix it:

Code:
cd /usr/local/directadmin/custombuild/
mkdir -p custom/nginx_reverse/conf/
[ -f "custom/nginx_reverse/conf/nginx-modsecurity.conf" ] || cp -p configure/nginx_reverse/conf/nginx-modsecurity.conf custom/nginx_reverse/conf/nginx-modsecurity.conf
perl -pi -e "s/^SecDefaultAction /#SecDefaultAction /" custom/nginx_reverse/conf/nginx-modsecurity.conf
./build rewrite_confs

should be executed as root on a server console.

They worked on my end with Nginx+Apache with modSecurity rules from Comodo.

solved my issue as well!
 
It appears I have a similar problem, but with different outcome.

I started installing modsecurity with owasp, but since I got a false positive just by updating a Worpress article, switched to comodo ruleset.

\var\log\CWAF\updater.log says this:

21/09/19 20:27:27 updater[29337] ERROR: can't restart nginx. nginx returns: nginx: [emerg] "modsecurity_rules_file" directive Rules error. File: /usr/local/cwaf/rules/00_Init_Initialization.conf. Line: 15. Column: 37. SecDefaultActions can only be placed once per phase and configuration context. Phase 2 was informed already. in /etc/nginx/nginx-modsecurity-enable.conf:2

...which is how I ended up in this thread. The suggested fixes don't work, however.

nginx -t
Code:
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

systemctl status nginx.service
Code:
* nginx.service - The nginx HTTP and reverse proxy server
   Loaded: loaded (/etc/systemd/system/nginx.service; enabled; vendor preset: disabled)
   Active: activating (start) since Sat 2019-09-21 17:03:36 EDT; 48s ago
  Process: 16271 ExecStart=/usr/sbin/nginx -c /etc/nginx/nginx.conf (code=exited, status=0/SUCCESS)
  Process: 16268 ExecStartPre=/usr/sbin/nginx -t -c /etc/nginx/nginx.conf (code=exited, status=0/SUCCESS)
 Main PID: 20641 (code=exited, status=0/SUCCESS)
   CGroup: /system.slice/nginx.service
           |-16272 nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
           |-16273 nginx: worker process
           |-16274 nginx: worker process
           |-16275 nginx: worker process
           `-16276 nginx: worker process

Sep 21 17:03:36 server systemd[1]: Starting The nginx HTTP and reverse proxy server...
Sep 21 17:03:37 server nginx[16268]: nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
Sep 21 17:03:37 server nginx[16268]: nginx: configuration file /etc/nginx/nginx.conf test is successful
Sep 21 17:03:37 server systemd[1]: Can't open PID file /var/run/nginx.pid (yet?) after start: Too many levels of symbolic links
Any help greatly appreciated!
 
So here is the issue:

/sys/devices/virtual/net/venet0/subsystem

is a virtual link pointing to:

/sys/class/net/

At the same time:

/sys/class/net/venet0

is a virtual link pointing to:

/sys/devices/virtual/net/venet0

Something tells me this can't work. Some goes for these links here:

/sys/devices/virtual/net/lo/subsystem
/sys/devices/virtual/net/gretap0/subsystem
/sys/devices/virtual/net/gre0/subsystem

I don't have the slightest clue what this is all about, but it started when I updated custombuild and tried to install modsecurity (as described above).

UPDATE: Seems like this has nothing to do with modsecurity - just a coincidence while updating other files. Here's the story:

https://forums.cpanel.net/threads/ups-177-service-failures-after-centos-7-7-update.659933/
 
Last edited:
Back
Top