Workaround For EasyApache's ModSecurity Rule ID Assignment Bug


New Member
EasyApache comes with ModSecurity 2.7, which requires that every rule have a unique ID number. If old rules don't have an ID, EasyApache assigns them. There are bugs in the way EasyApache assigns ID numbers. Sometimes rules are not added to some lines. Other times rules are added, but Apache won't start because of ID errors on certain lines, despite those lines having ID numbers.

The workaround is to install ModSecurity 2.6.8 and continue using rules without ID numbers. Use these commands from the shell to do this:

tar -zvxf modsecurity-apache_2.6.8.tar.gz
cd modsecurity-apache_2.6.8
./configure --with-apxs=/usr/local/apache/bin/apxs
make install
/usr/local/cpanel/bin/apache_conf_distiller --update

Use an Apache configuration include file (probably /usr/local/apache/conf/includes/pre_main_global.conf) to add this:

SecRuleEngine On
SecAuditEngine RelevantOnly
SecAuditLog logs/modsec_audit.log
SecDebugLog logs/modsec_debug_log
SecDebugLogLevel 0
SecDefaultAction "phase:2,deny,log,status:406"
SecRule REMOTE_ADDR "^$" nolog,allow

This will enable the module and logging. Custom rules can be placed in /usr/local/apache/conf/includes/pre_virtualhost_2.conf. The cPanel default rules (if used) should be moved from /usr/local/apache/conf/modsec2.user.conf to to pre_virtualhost_2.conf.


New Member
No problem. I should add that it's necessary to remove ModSecurity from the EasyApache profile and recompile before doing the steps I outlined.


New Member
When doing this workaround, the ModSecurity plug-in is removed from WHM. ConfigServer ModSecurity Control can be used as a replacement.

tar -xzf cmc.tgz
cd cmc
cd ..
rm -Rfv cmc/ cmc.tgz


New Member
I reported this to cPanel when it first happened. The most recent entry in the EasyApache changelog shows this:

Fixed Case 63498 ModSecurity: Resolve auto-id generation in chain rules containing comments and blank lines
I believe the issue has been resolved now and EasyApache will assign rules properly.