nginx_apache comodo waf

Pouyar69

Verified User
Joined
Feb 2, 2019
Messages
10
Hi.

is comodo compatible with nginx_apache web server?

i tried to install mod security with comodo rules:

Code:
cd /usr/local/directadmin/custombuild
./build update
./build set modsecurity yes
./build set modsecurity_ruleset comodo
./build modsecurity
./build nginx_apace
but after installation nginx cant start:

Code:
Restarting nginx.
Job for nginx.service failed because the control process exited with error code. See "systemctl status nginx.service" and "journalctl -xe" for details.
 

zEitEr

Super Moderator
Joined
Apr 11, 2005
Messages
13,853
Location
GMT +7.00
Hello,

While I can not answer your question, as I don't use it on my servers and server of my customers, and have no idea whether or not it's compatible, I could help you to investigate the incident.

Please let us know what you see when running:

Code:
nginx -t
and
Code:
[/FONT]systemctl status nginx.service
 

Pouyar69

Verified User
Joined
Feb 2, 2019
Messages
10
thanks Alex

nginx -t :

Code:
nginx: [emerg] "modsecurity_rules_file" directive Rules error. File: /usr/local/cwaf/rules/00_Init_Initialization.conf. Line: 15. Column: 37. SecDefaultActions can only be placed once per phase and configuration context. Phase 2 was informed already.  in /etc/nginx/nginx-modsecurity-enable.conf:2
nginx: configuration file /etc/nginx/nginx.conf test failed
and systemctl status nginx.service:

Code:
● nginx.service - The nginx HTTP and reverse proxy server
   Loaded: loaded (/etc/systemd/system/nginx.service; enabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Sun 2019-02-03 13:53:07 +0330; 13s ago
  Process: 26318 ExecStartPre=/usr/sbin/nginx -t -c /etc/nginx/nginx.conf (code=exited, status=1/FAILURE)
 Main PID: 14485 (code=exited, status=0/SUCCESS)

Feb 03 13:53:07 srv.xyz.com systemd[1]: Starting The nginx HTTP and reve....
Feb 03 13:53:07 srv.xyz.com nginx[26318]: nginx: [emerg] "modsecurity_ru...2
Feb 03 13:53:07 srv.xyz.com nginx[26318]: nginx: configuration file /etc...d
Feb 03 13:53:07 srv.xyz.com systemd[1]: nginx.service: control process e...1
Feb 03 13:53:07 srv.xyz.com systemd[1]: Failed to start The nginx HTTP a....
Feb 03 13:53:07 srv.xyz.com systemd[1]: Unit nginx.service entered faile....
Feb 03 13:53:07 srv.xyz.com systemd[1]: nginx.service failed.
Hint: Some lines were ellipsized, use -l to show in full.
 
Last edited:

voltan

New member
Joined
Dec 6, 2016
Messages
5
Hello

I have same problem, On /etc/nginx/nginx-modsecurity-enable.conf I have :

Code:
modsecurity on;
modsecurity_rules_file /etc/nginx/nginx-modsecurity.conf;
 

zEitEr

Super Moderator
Joined
Apr 11, 2005
Messages
13,853
Location
GMT +7.00
The following commands should fix it:

Code:
cd /usr/local/directadmin/custombuild/
mkdir -p custom/nginx_reverse/conf/
[ -f "custom/nginx_reverse/conf/nginx-modsecurity.conf" ] || cp -p configure/nginx_reverse/conf/nginx-modsecurity.conf custom/nginx_reverse/conf/nginx-modsecurity.conf
perl -pi -e "s/^SecDefaultAction /#SecDefaultAction /" custom/nginx_reverse/conf/nginx-modsecurity.conf
./build rewrite_confs
should be executed as root on a server console.

They worked on my end with Nginx+Apache with modSecurity rules from Comodo.
 

mbsmt

Verified User
Joined
Jul 24, 2013
Messages
123
Location
Mashhad, Iran
The following commands should fix it:

Code:
cd /usr/local/directadmin/custombuild/
mkdir -p custom/nginx_reverse/conf/
[ -f "custom/nginx_reverse/conf/nginx-modsecurity.conf" ] || cp -p configure/nginx_reverse/conf/nginx-modsecurity.conf custom/nginx_reverse/conf/nginx-modsecurity.conf
perl -pi -e "s/^SecDefaultAction /#SecDefaultAction /" custom/nginx_reverse/conf/nginx-modsecurity.conf
./build rewrite_confs
should be executed as root on a server console.

They worked on my end with Nginx+Apache with modSecurity rules from Comodo.
It solved my problem. Thank you Alex.
 

vancanneyt

Verified User
Joined
Dec 13, 2012
Messages
77
same issue with Nginx, solved with modified code of above:
Code:
cd /usr/local/directadmin/custombuild/
mkdir -p custom/nginx/conf/
[ -f "custom/nginx/conf/nginx-modsecurity.conf" ] || cp -p configure/nginx/conf/nginx-modsecurity.conf custom/nginx/conf/nginx-modsecurity.conf
perl -pi -e "s/^SecDefaultAction /#SecDefaultAction /" custom/nginx/conf/nginx-modsecurity.conf
./build rewrite_confs
Will DirectAdmin fix this or should we always do this afterwards?
 

lolfust1

Verified User
Joined
Oct 24, 2015
Messages
41
The following commands should fix it:

Code:
cd /usr/local/directadmin/custombuild/
mkdir -p custom/nginx_reverse/conf/
[ -f "custom/nginx_reverse/conf/nginx-modsecurity.conf" ] || cp -p configure/nginx_reverse/conf/nginx-modsecurity.conf custom/nginx_reverse/conf/nginx-modsecurity.conf
perl -pi -e "s/^SecDefaultAction /#SecDefaultAction /" custom/nginx_reverse/conf/nginx-modsecurity.conf
./build rewrite_confs
should be executed as root on a server console.

They worked on my end with Nginx+Apache with modSecurity rules from Comodo.
solved my issue as well!
 

Strator

Verified User
Joined
Jan 19, 2011
Messages
171
It appears I have a similar problem, but with different outcome.

I started installing modsecurity with owasp, but since I got a false positive just by updating a Worpress article, switched to comodo ruleset.

\var\log\CWAF\updater.log says this:

21/09/19 20:27:27 updater[29337] ERROR: can't restart nginx. nginx returns: nginx: [emerg] "modsecurity_rules_file" directive Rules error. File: /usr/local/cwaf/rules/00_Init_Initialization.conf. Line: 15. Column: 37. SecDefaultActions can only be placed once per phase and configuration context. Phase 2 was informed already. in /etc/nginx/nginx-modsecurity-enable.conf:2

...which is how I ended up in this thread. The suggested fixes don't work, however.

nginx -t
Code:
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
systemctl status nginx.service
Code:
* nginx.service - The nginx HTTP and reverse proxy server
   Loaded: loaded (/etc/systemd/system/nginx.service; enabled; vendor preset: disabled)
   Active: activating (start) since Sat 2019-09-21 17:03:36 EDT; 48s ago
  Process: 16271 ExecStart=/usr/sbin/nginx -c /etc/nginx/nginx.conf (code=exited, status=0/SUCCESS)
  Process: 16268 ExecStartPre=/usr/sbin/nginx -t -c /etc/nginx/nginx.conf (code=exited, status=0/SUCCESS)
 Main PID: 20641 (code=exited, status=0/SUCCESS)
   CGroup: /system.slice/nginx.service
           |-16272 nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
           |-16273 nginx: worker process
           |-16274 nginx: worker process
           |-16275 nginx: worker process
           `-16276 nginx: worker process

Sep 21 17:03:36 server systemd[1]: Starting The nginx HTTP and reverse proxy server...
Sep 21 17:03:37 server nginx[16268]: nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
Sep 21 17:03:37 server nginx[16268]: nginx: configuration file /etc/nginx/nginx.conf test is successful
Sep 21 17:03:37 server systemd[1]: Can't open PID file /var/run/nginx.pid (yet?) after start: Too many levels of symbolic links
Any help greatly appreciated!
 

Strator

Verified User
Joined
Jan 19, 2011
Messages
171
So here is the issue:

/sys/devices/virtual/net/venet0/subsystem

is a virtual link pointing to:

/sys/class/net/

At the same time:

/sys/class/net/venet0

is a virtual link pointing to:

/sys/devices/virtual/net/venet0

Something tells me this can't work. Some goes for these links here:

/sys/devices/virtual/net/lo/subsystem
/sys/devices/virtual/net/gretap0/subsystem
/sys/devices/virtual/net/gre0/subsystem

I don't have the slightest clue what this is all about, but it started when I updated custombuild and tried to install modsecurity (as described above).

UPDATE: Seems like this has nothing to do with modsecurity - just a coincidence while updating other files. Here's the story:

https://forums.cpanel.net/threads/ups-177-service-failures-after-centos-7-7-update.659933/
 
Last edited:
Top