Workaround For EasyApache's ModSecurity Rule ID Assignment Bug

vectro

New Member
EasyApache comes with ModSecurity 2.7, which requires that every rule have a unique ID number. If old rules don't have an ID, EasyApache assigns them. There are bugs in the way EasyApache assigns ID numbers. Sometimes rules are not added to some lines. Other times rules are added, but Apache won't start because of ID errors on certain lines, despite those lines having ID numbers.

The workaround is to install ModSecurity 2.6.8 and continue using rules without ID numbers. Use these commands from the shell to do this:

wget http://iweb.dl.sourceforge.net/proj...-apache/2.6.8/modsecurity-apache_2.6.8.tar.gz
tar -zvxf modsecurity-apache_2.6.8.tar.gz
cd modsecurity-apache_2.6.8
./configure --with-apxs=/usr/local/apache/bin/apxs
make
make install
/usr/local/cpanel/bin/apache_conf_distiller --update

Use an Apache configuration include file (probably /usr/local/apache/conf/includes/pre_main_global.conf) to add this:

SecRuleEngine On
SecAuditEngine RelevantOnly
SecAuditLog logs/modsec_audit.log
SecDebugLog logs/modsec_debug_log
SecDebugLogLevel 0
SecDefaultAction "phase:2,deny,log,status:406"
SecRule REMOTE_ADDR "^127.0.0.1$" nolog,allow

This will enable the module and logging. Custom rules can be placed in /usr/local/apache/conf/includes/pre_virtualhost_2.conf. The cPanel default rules (if used) should be moved from /usr/local/apache/conf/modsec2.user.conf to to pre_virtualhost_2.conf.
 

vectro

New Member
No problem. I should add that it's necessary to remove ModSecurity from the EasyApache profile and recompile before doing the steps I outlined.
 

vectro

New Member
When doing this workaround, the ModSecurity plug-in is removed from WHM. ConfigServer ModSecurity Control can be used as a replacement.

Code:
wget http://www.configserver.com/free/cmc.tgz
tar -xzf cmc.tgz
cd cmc
sh install.sh
cd ..
rm -Rfv cmc/ cmc.tgz
http://configserver.com/cp/cmc.html
 

vectro

New Member
I reported this to cPanel when it first happened. The most recent entry in the EasyApache changelog shows this:

Fixed Case 63498 ModSecurity: Resolve auto-id generation in chain rules containing comments and blank lines
I believe the issue has been resolved now and EasyApache will assign rules properly.
 
Top