Nginx, Modsecurity & Imunify360 Error

[Rockyuk]

Hello Everyone,
My nginx has stopped with the following error

2023/03/02 00:02:51 [emerg] 97663#0: "modsecurity_rules_file" directive Rules error. File: /etc/modsecurity.d/000_i360_0.conf. Line: 82. Column: 254. Expecting a variable, got:  :  SCRIPT_USERNAME}||T:APACHE||',phase:2,deny,status:406,t:none,t:lowercase,severity:2,tag:'service_i360custom'" in /etc/nginx/nginx-modsecurity-enable.conf:2

Any ideas please?

Thanks

 

[Richard G]

Line: 82. Column: 254. Expecting a variable, got: : SCRIPT_USERNAME}||T:APACHE||'

Hello.
It explains itself, there is an issue on line 82 of the 000_i360_0.conf file.

I'm no scripter and I could be wrong, but seems to me that in the first part of that line:
SCRIPT_USERNAME}
should be:
{SCRIPT_USERNAME}

Try and change it like this and see if that helps.
If not, then i don't know except that something in that line is incorrect. Or something in nginx-modsecurity-enable.conf.

 

[youstable]

Hello Everyone,
My nginx has stopped with the following error

2023/03/02 00:02:51 [emerg] 97663#0: "modsecurity_rules_file" directive Rules error. File: /etc/modsecurity.d/000_i360_0.conf. Line: 82. Column: 254. Expecting a variable, got:  :  SCRIPT_USERNAME}||T:APACHE||',phase:2,deny,status:406,t:none,t:lowercase,severity:2,tag:'service_i360custom'" in /etc/nginx/nginx-modsecurity-enable.conf:2

Any ideas please?

Thanks

The easiest fix for this issue would be contacting the CloudLinux team, they are pretty good in Support. or try what @Richard G Suggested above

 

[Rockyuk]

The easiest fix for this issue would be contacting the CloudLinux team, they are pretty good in Support. or try what @Richard G Suggested above

Thank you, the other suggested fix did not work. I will contact CloudLinux Team.

 

[youstable]

Thank you, the other suggested fix did not work. I will contact CloudLinux Team.

Do update here if CloudLinux Team were able to resolve your issue

 

[Rockyuk]

I will do once they reply its been a while now. I think I may have two versions of modsecurity installed 2.97 and 3. How do I remove version 2.97 to see if it may be conflicting?

 

[Rockyuk]

Ok, I spoke to CloudLinux and after all the back and forth it is not compatible with apache & nginx. You will need apache or litespeed for it to work.

 

[youstable]

Ok, I spoke to CloudLinux and after all the back and forth it is not compatible with apache & nginx. You will need apache or litespeed for it to work.

So you got the resolution

 

[nlaruelle]

CloudLinux / Imunify360 have an article that say "not yet compatible with nginx_apache for DirectAdmin" :

https://cloudlinux.zendesk.com/hc/en-us/articles/6280937430556-Imunify360-on-server-with-Nginx-as-a-proxy-with-Apache

So from my understanding, we can expect a compatibility in some time.

 

[ambrozy]

The investigation is being tracked under the ID DEF-36043. Currently, it's not even planned.

 

[nlaruelle]

The investigation is being tracked under the ID DEF-36043. Currently, it's not even planned.

Yes, you are right @ambrozy. I recently asked CloudLinux again when they plan to make Imunify360 compatible with DirectAdmin + nginx_apache, and the answer was clear from Cloudlinux: there is no ETA. So, it is not something that will happen soon.
That's a shame. We have to optimize everything we can on our side, and at some point, consider paying for another premium license (LiteSpeed) if Apache does not do the job well enough anymore.