Author Topic: Problem with mod_security  (Read 9810 times)

0 Members and 1 Guest are viewing this topic.

Problem with mod_security
« on: February 02, 2017, 05:21:09 PM »
I've installed CWP7pro on a dedicated and I'm facing a problem with mod_security.
If I install mod_security, apache can't start and gives the following error:
Code: [Select]
httpd: Syntax error on line 510 of /usr/local/apache/conf/httpd.conf: Syntax error on line 9 of /usr/local/apache/conf.d/mod_security.conf: Cannot load modules/ into server: /usr/local/apache/modules/ undefined symbol: apr_crypto_block_cleanup
Line 9 of /usr/local/apache/conf.d/mod_security.conf is the one inbetween IfModule tags:
Code: [Select]
<IfModule !mod_security2.c>
  LoadModule security2_module  modules/

Uninstalling mod_security brings apache back to life.
Any ideas?

Re: Problem with mod_security
« Reply #1 on: February 03, 2017, 01:57:18 AM »
From my other support ticket, hope it helps you:

OK so there is some sort of issue with the CWP install process for mod_security2.

Workaround is:

- Install modsecurity through CWP GUI so it generates the main config and OWASP rules

- Then reinstall mod_security2 manually to overwrite the issue with

#Download ModSecurity

#Config checksum of download
sha256sum -c modsecurity-2.9.1.tar.gz.sha256

#Install ModSecurity:
tar -xvf modsecurity-2.9.1.tar.gz
cd modsecurity-2.9.1
./configure --with-apxs=/usr/local/apache/bin/apxs
sudo make install
cp /usr/local/modsecurity/lib/ /usr/local/apache/modules

Restart Apache, fixed!

If this was helpful let me know, spent a couple of hours getting to the bottom of it in preparation for centos CWP 6 to 7 migration.


Re: Problem with mod_security
« Reply #2 on: February 03, 2017, 10:07:55 AM »
warwicknz you're my hero!
A big thank you to you, my friend!
I tried to install mod_security manual but not in the right order.
One more question. When I try the test link it should give me a "403 Forbidden" message but in my case, it gives me "unable to connect" message. Do you have any ideas why is this happening?

Never mind, I checked it by changing the IP with a domain and it gives 403 Forbidden. Also, mod_security log gives the right message. So, I guess it' working great  ;)
« Last Edit: February 03, 2017, 10:17:06 AM by vtheod »