cwaf update error rule set 1.109

mangelot

Hello

We noticed an update error in
Comodo ModSecurity Rule Set 1.108 update to 1.109 is available

After custombuild install httpd doesn't start

service httpd restart
Code:
Stopping httpd:                                            [  OK  ]
Starting httpd: httpd: Syntax error on line 51 of /etc/httpd/conf/httpd.conf: Syntax error on line 1 of /etc/httpd/conf/extra/httpd-phpmodules.conf: Syntax error on line 32 of /etc/httpd/conf/extra/httpd-modsecurity.conf: Syntax error on line 1 of /etc/modsecurity.d/comodo_rules.conf.main: Syntax error on line 2 of /etc/cwaf/cwaf.conf: No matches for the wildcard '*.conf' in '/usr/local/cwaf/etc/httpd/domains', failing (use IncludeOptional if required)
                                                           [FAILED]

This is because the path /usr/local/cwaf/etc/httpd/domains doesn't have any exclude rules for domains (read: the folder is empty).

Solution 1

Change file /usr/local/cwaf/etc/cwaf.conf

Include /usr/local/cwaf/etc/httpd/domains/*.conf
to
IncludeOptional /usr/local/cwaf/etc/httpd/domains/*.conf

Solution 2

echo "#" > /usr/local/cwaf/etc/httpd/domains/00_blank.conf
 
We experienced the same issue on 3 of our boxes yesterday. Similar solution here:

touch /usr/local/cwaf/etc/httpd/domains/foo.conf
/etc/init.d/httpd restart
 
I had to solve this when updating to ModSecurity 1.108 (added the 00_blank.conf to /domains/).

When updating ModSecurity to 1.109 today, the 00_blank.conf in /domains/ was removed and Apache failed to start again.

How can this be permanently fixed?
 
It appears this bug has been fixed in custombuild. The following did the trick for us:

Code:
./build update
./build modsecurity_rules

This updates to the latest cwaf rules and includes the IncludeOptional option.
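
An added example, not part of the thread and not custombuild's own code: a check to run after a rule update and before restarting httpd, which lists every mandatory `Include` whose wildcard matches no file (the condition in the error above). The function name `find_empty_includes` is hypothetical, and the sketch assumes absolute include paths without whitespace.

```shell
#!/bin/sh
# Added example: report Include directives whose wildcard matches nothing.
# Assumption: include paths are absolute (ServerRoot-relative paths are not resolved).

# find_empty_includes FILE
# Prints "LINE_NO PATTERN" for each such directive; returns 1 if any were found.
find_empty_includes() {
    conf=$1
    found=0
    n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        set -f                  # split the line into words without expanding globs
        set -- $line
        set +f
        [ $# -ge 2 ] || continue
        # Apache directive names are case-insensitive.
        directive=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
        # IncludeOptional tolerates an empty match, so only plain Include matters.
        [ "$directive" = "include" ] || continue
        pattern=${2#\"}
        pattern=${pattern%\"}
        case $pattern in
            *\**|*\?*|*\[*) ;;  # wildcard pattern: check it
            *) continue ;;      # literal path: not the failure discussed here
        esac
        matched=0
        for f in $pattern; do   # unquoted on purpose so the shell expands the glob
            if [ -e "$f" ]; then
                matched=1
                break
            fi
        done
        if [ "$matched" -eq 0 ]; then
            printf '%s %s\n' "$n" "$pattern"
            found=1
        fi
    done < "$conf"
    return "$found"
}

# Check the file named on the command line, e.g. /usr/local/cwaf/etc/cwaf.conf.
if [ $# -gt 0 ]; then
    find_empty_includes "$1"
fi
```

Running `httpd -t` after the update reports the same syntax error without touching the running server, so either check can gate the restart.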
 