nginx_apache comodo waf

Pouyar69 · Feb 2, 2019

Hi.

is comodo compatible with nginx_apache web server?

i tried to install mod security with comodo rules:

Code:

cd /usr/local/directadmin/custombuild
./build update
./build set modsecurity yes
./build set modsecurity_ruleset comodo
./build modsecurity
./build nginx_apace

but after installation nginx cant start:

Code:

Restarting nginx.
Job for nginx.service failed because the control process exited with error code. See "systemctl status nginx.service" and "journalctl -xe" for details.

zEitEr · Feb 3, 2019

Hello,

While I can not answer your question, as I don't use it on my servers and server of my customers, and have no idea whether or not it's compatible, I could help you to investigate the incident.

Please let us know what you see when running:

Code:

nginx -t

and

Code:

[/FONT]systemctl status nginx.service

Pouyar69 · Feb 3, 2019

thanks Alex

nginx -t :

Code:

nginx: [emerg] "modsecurity_rules_file" directive Rules error. File: /usr/local/cwaf/rules/00_Init_Initialization.conf. Line: 15. Column: 37. SecDefaultActions can only be placed once per phase and configuration context. Phase 2 was informed already.  in /etc/nginx/nginx-modsecurity-enable.conf:2
nginx: configuration file /etc/nginx/nginx.conf test failed

and systemctl status nginx.service:

Code:

● nginx.service - The nginx HTTP and reverse proxy server
   Loaded: loaded (/etc/systemd/system/nginx.service; enabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Sun 2019-02-03 13:53:07 +0330; 13s ago
  Process: 26318 ExecStartPre=/usr/sbin/nginx -t -c /etc/nginx/nginx.conf (code=exited, status=1/FAILURE)
 Main PID: 14485 (code=exited, status=0/SUCCESS)

Feb 03 13:53:07 srv.xyz.com systemd[1]: Starting The nginx HTTP and reve....
Feb 03 13:53:07 srv.xyz.com nginx[26318]: nginx: [emerg] "modsecurity_ru...2
Feb 03 13:53:07 srv.xyz.com nginx[26318]: nginx: configuration file /etc...d
Feb 03 13:53:07 srv.xyz.com systemd[1]: nginx.service: control process e...1
Feb 03 13:53:07 srv.xyz.com systemd[1]: Failed to start The nginx HTTP a....
Feb 03 13:53:07 srv.xyz.com systemd[1]: Unit nginx.service entered faile....
Feb 03 13:53:07 srv.xyz.com systemd[1]: nginx.service failed.
Hint: Some lines were ellipsized, use -l to show in full.

zEitEr · Feb 4, 2019

And what you have in /etc/nginx/nginx-modsecurity-enable.conf ?

voltan · Mar 20, 2019

Hello

I have same problem, On /etc/nginx/nginx-modsecurity-enable.conf I have :

Code:

modsecurity on;
modsecurity_rules_file /etc/nginx/nginx-modsecurity.conf;

zEitEr · Mar 23, 2019

The following commands should fix it:

Code:

cd /usr/local/directadmin/custombuild/
mkdir -p custom/nginx_reverse/conf/
[ -f "custom/nginx_reverse/conf/nginx-modsecurity.conf" ] || cp -p configure/nginx_reverse/conf/nginx-modsecurity.conf custom/nginx_reverse/conf/nginx-modsecurity.conf
perl -pi -e "s/^SecDefaultAction /#SecDefaultAction /" custom/nginx_reverse/conf/nginx-modsecurity.conf
./build rewrite_confs

should be executed as root on a server console.

They worked on my end with Nginx+Apache with modSecurity rules from Comodo.

mbsmt · Mar 29, 2019

zEitEr said:
The following commands should fix it:

Code:

cd /usr/local/directadmin/custombuild/ mkdir -p custom/nginx_reverse/conf/ [ -f "custom/nginx_reverse/conf/nginx-modsecurity.conf" ] || cp -p configure/nginx_reverse/conf/nginx-modsecurity.conf custom/nginx_reverse/conf/nginx-modsecurity.conf perl -pi -e "s/^SecDefaultAction /#SecDefaultAction /" custom/nginx_reverse/conf/nginx-modsecurity.conf ./build rewrite_confs

should be executed as root on a server console.

They worked on my end with Nginx+Apache with modSecurity rules from Comodo.

It solved my problem. Thank you Alex.

vancanneyt · May 3, 2019

same issue with Nginx, solved with modified code of above:

Code:

cd /usr/local/directadmin/custombuild/
mkdir -p custom/nginx/conf/
[ -f "custom/nginx/conf/nginx-modsecurity.conf" ] || cp -p configure/nginx/conf/nginx-modsecurity.conf custom/nginx/conf/nginx-modsecurity.conf
perl -pi -e "s/^SecDefaultAction /#SecDefaultAction /" custom/nginx/conf/nginx-modsecurity.conf
./build rewrite_confs

Will DirectAdmin fix this or should we always do this afterwards?

lolfust1 · Jul 8, 2019

zEitEr said:
The following commands should fix it:

Code:

cd /usr/local/directadmin/custombuild/ mkdir -p custom/nginx_reverse/conf/ [ -f "custom/nginx_reverse/conf/nginx-modsecurity.conf" ] || cp -p configure/nginx_reverse/conf/nginx-modsecurity.conf custom/nginx_reverse/conf/nginx-modsecurity.conf perl -pi -e "s/^SecDefaultAction /#SecDefaultAction /" custom/nginx_reverse/conf/nginx-modsecurity.conf ./build rewrite_confs

should be executed as root on a server console.

They worked on my end with Nginx+Apache with modSecurity rules from Comodo.

solved my issue as well!

Strator · Sep 21, 2019

It appears I have a similar problem, but with different outcome.

I started installing modsecurity with owasp, but since I got a false positive just by updating a Worpress article, switched to comodo ruleset.

\var\log\CWAF\updater.log says this:

21/09/19 20:27:27 updater[29337] ERROR: can't restart nginx. nginx returns: nginx: [emerg] "modsecurity_rules_file" directive Rules error. File: /usr/local/cwaf/rules/00_Init_Initialization.conf. Line: 15. Column: 37. SecDefaultActions can only be placed once per phase and configuration context. Phase 2 was informed already. in /etc/nginx/nginx-modsecurity-enable.conf:2

...which is how I ended up in this thread. The suggested fixes don't work, however.

nginx -t

Code:

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

systemctl status nginx.service

Code:

* nginx.service - The nginx HTTP and reverse proxy server
   Loaded: loaded (/etc/systemd/system/nginx.service; enabled; vendor preset: disabled)
   Active: activating (start) since Sat 2019-09-21 17:03:36 EDT; 48s ago
  Process: 16271 ExecStart=/usr/sbin/nginx -c /etc/nginx/nginx.conf (code=exited, status=0/SUCCESS)
  Process: 16268 ExecStartPre=/usr/sbin/nginx -t -c /etc/nginx/nginx.conf (code=exited, status=0/SUCCESS)
 Main PID: 20641 (code=exited, status=0/SUCCESS)
   CGroup: /system.slice/nginx.service
           |-16272 nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
           |-16273 nginx: worker process
           |-16274 nginx: worker process
           |-16275 nginx: worker process
           `-16276 nginx: worker process

Sep 21 17:03:36 server systemd[1]: Starting The nginx HTTP and reverse proxy server...
Sep 21 17:03:37 server nginx[16268]: nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
Sep 21 17:03:37 server nginx[16268]: nginx: configuration file /etc/nginx/nginx.conf test is successful
Sep 21 17:03:37 server systemd[1]: Can't open PID file /var/run/nginx.pid (yet?) after start: Too many levels of symbolic links

Any help greatly appreciated!

Strator · Sep 22, 2019

So here is the issue:

/sys/devices/virtual/net/venet0/subsystem

is a virtual link pointing to:

/sys/class/net/

At the same time:

/sys/class/net/venet0

is a virtual link pointing to:

/sys/devices/virtual/net/venet0

Something tells me this can't work. Some goes for these links here:

/sys/devices/virtual/net/lo/subsystem
/sys/devices/virtual/net/gretap0/subsystem
/sys/devices/virtual/net/gre0/subsystem

I don't have the slightest clue what this is all about, but it started when I updated custombuild and tried to install modsecurity (as described above).

UPDATE: Seems like this has nothing to do with modsecurity - just a coincidence while updating other files. Here's the story:

https://forums.cpanel.net/threads/ups-177-service-failures-after-centos-7-7-update.659933/

nginx_apache comodo waf

Pouyar69

Verified User

zEitEr

Super Moderator

Pouyar69

Verified User

zEitEr

Super Moderator

voltan

New member

zEitEr

Super Moderator

mbsmt

Verified User

vancanneyt

Verified User

lolfust1

Verified User

Strator

Verified User

Strator

Verified User