modsecurity nginx_apache won't start

kevinjansen

Dear,

I am trying to install modsecurity since we are having issues with tries for SQL injections lately, and I found out that modsecurity is the tool to prevent this.
But after the installation nginx won't start:

nginx: [emerg] "modsecurity_rules_file" directive Rules error. File: /usr/local/cwaf/rules/02_Global_Generic.conf. Line: 83. Column: 98. Expecting an action, got: ctl:responseBodyAccess=On,rev:1,severity:2,tag:'CWAF',tag:'Generic'" in /etc/nginx/nginx-modsecurity-enable.conf:2

I have also tried with only apache, with no success either (I don't have the error for that one, since I prefer nginx_apache).

What I have done:
options.conf
modsecurity=3.0 (also tried with "yes")
modsecurity_ruleset=comodo

./build update
./build modsecurity
./build modsecurity_ruleset

After getting errors I also tried:

./build rewrite_confs

But still no success. Then I tried a full rebuild on our test server:
./build all d

Same error.

Some details:
./build version
2.0.0 (rev: 1972)

Debian Stretch 9 - Debian 4.9.130-2
With OWASP as the ruleset it's working, but I heard that Comodo is better?


Is comodo ruleset currently broken for Debian 9 with nginx_apache?

Thanks in advance,

Kevin
 
We use comodo ruleset as-is, without any modifications. I contacted them on this case, and they've told me that they're planning to release a fix next week, however, it's all up to them. I'd suggest using OWASP until they release a bugfix. Thank you!
 
Just a FYI: they announced it should work now :)
I guess it doesn't.
Without knowing about this issue, I tried a fresh install with
webserver=nginx_apache and comodo as modsecurity, however nginx fails to start with a similar error after install.
I am trying to switch to owasp as of now. Is it possible that you need to update anything in custombuild packs?
Regards.
PS: I did an automated install of DirectAdmin; I may have skipped a warning, if one exists in the standard DirectAdmin install.
Another PS: I use CentOS 7, not Debian like kevinjansen.
 
I had a similar issue on update:

Jan 29 11:30:10 nginx: [emerg] "modsecurity_rules_file" directive Rules error. File: /etc/cwaf/cwaf.conf. Line: 2. Column: 57. Invalid input: IncludeOptional /usr/local/cwaf/etc/httpd/domains/*.conf in /etc/nginx/nginx-modsecurity-enable.conf:2

I removed the contents of /usr/local/cwaf/etc/httpd/domains/, recreated them by hand (as a reinstall didn't fix/recreate the contents), and then reinstalled modsecurity/cwaf and restarted nginx_apache again to get it all working. There wasn't anything out of the ordinary in there aside from a .conf-bak file, but even with that removed it still gave me the same error.
 
I've just noticed comodo modsecurity + nginx_apache stopped working since yesterday with a similar error

Code:
nginx: [emerg] "modsecurity_rules_file" directive Rules error. File: /etc/cwaf/cwaf.conf. Line: 1. Column: 45. /usr/local/cwaf/rul ...

Rebuilding nginx_apache or modsecurity will not solve this. I have to switch temporarily to OWASP.
 
And I see this today. nginx_apache is not working with either OWASP or Comodo:

Apr 26 21:03:07 server systemd[1]: Starting The Apache HTTP Server...
Apr 26 21:03:07 server httpd[3466]: httpd: Syntax error on line 51 of /etc/httpd/conf/httpd.conf: Syntax error on line 5 of /etc/httpd/conf/extra/httpd-phpmodules.conf: Syntax error on line 36 of /etc/httpd/conf/extra...
Apr 26 21:03:07 server systemd[1]: httpd.service: main process exited, code=exited, status=1/FAILURE
Apr 26 21:03:07 server systemd[1]: Failed to start The Apache HTTP Server.
Apr 26 21:03:07 server systemd[1]: Unit httpd.service entered failed state.
Apr 26 21:03:07 server systemd[1]: httpd.service failed.


Apr 26 20:55:07 server systemd[1]: Starting The nginx HTTP and reverse proxy server...
Apr 26 20:55:07 server nginx[5971]: nginx: [emerg] "modsecurity_rules_file" directive Rules error. File: /etc/cwaf/cwaf.conf. Line: 1. Column: 45. /usr/local/cwaf/rules/rules.conf.main: Not able to open file. Looking at: '...
Apr 26 20:55:07 server nginx[5971]: nginx: configuration file /etc/nginx/nginx.conf test failed
Apr 26 20:55:07 server systemd[1]: nginx.service: control process exited, code=exited status=1
Apr 26 20:55:07 server systemd[1]: Failed to start The nginx HTTP and reverse proxy server.
Apr 26 20:55:07 server systemd[1]: Unit nginx.service entered failed state.
Apr 26 20:55:07 server systemd[1]: nginx.service failed.
Hint: Some lines were ellipsized, use -l to show in full.
 
In my case, it did not work because the server needs to restart at least once. Since I set up the server from scratch using a script, it needs to restart at least once, or I will get the error because nginx couldn't be started. Mine is related to this: https://serverfault.com/questions/421460/nginx-failed-to-start-cannot-assign-requested-address. After that, I just need to rebuild modsecurity:

Code:
cd /usr/local/directadmin/custombuild
./build set modsecurity yes
./build set modsecurity_ruleset comodo
./build modsecurity
./build modsecurity_rules

Your error message is similar to mine. Maybe you can try restarting the server and rebuilding using the above commands.
 
@maxi32 thank you, I will try that. I am still trialling DA, so I'm going to wipe the server and start over. There's so much to figure out, especially things that a cPanel install does automatically and by default.
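
The "Rules error" lines posted in this thread all carry a file, line and column, and some name an include that could not be opened. The script below is an added example, not code from any poster or from DirectAdmin or Comodo: it pulls those fields out of a log line and either shows the rule text around the reported column or checks whether the named include is readable. The function names are hypothetical, and it assumes the reported column is 1-based.

```shell
#!/bin/sh
# Added example (not from the thread): triage nginx/ModSecurity "Rules error" lines.

# Emit "file|line|column|reason" for one log line; non-zero if it is not a rules error.
parse_rules_error() {
    printf '%s\n' "$1" | sed -n -E \
        's/.*Rules error\. File: ([^ ]+)\. Line: ([0-9]+)\. Column: ([0-9]+)\. (.*)$/\1|\2|\3|\4/p' \
        | grep .
}

# Print up to $4 (default 30) characters either side of column $3 on line $2 of
# file $1, with ">>>" marking the column. Assumption: the column is 1-based.
rule_context() {
    awk -v n="$2" -v c="$3" -v w="${4:-30}" '
        NR == n { s = c - w; if (s < 1) s = 1
                  print substr($0, s, c - s) ">>>" substr($0, c, w); found = 1; exit }
        END     { if (!found) exit 1 }' "$1"
}

# Read log lines on stdin; for each rules error report where it points and why.
triage() {
    while IFS= read -r logline; do
        rec=$(parse_rules_error "$logline") || continue
        IFS='|' read -r file line col reason <<EOF
$rec
EOF
        echo "$file:$line:$col  $reason"
        case $reason in
            *"Not able to open file"*)
                # The reason starts with the include path the parser could not open.
                missing=${reason%%: Not able to open file*}
                [ -r "$missing" ] || echo "  missing or unreadable include: $missing" ;;
            *)
                if ctx=$(rule_context "$file" "$line" "$col" 2>/dev/null); then
                    echo "  near: $ctx"
                else
                    echo "  cannot read $file line $line"
                fi ;;
        esac
    done
}
```

Pipe full-length log lines into `triage` (the `-l` hint in the systemctl output above), because ellipsized lines cut off the reason text the script inspects.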
 