• We value your experience with Plesk during 2024
    Plesk strives to perform even better in 2025. To help us improve further, please answer a few questions about your experience with Plesk Obsidian 2024.
    Please take this short survey:

    https://pt-research.typeform.com/to/AmZvSXkx
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.

Resolved Apache fails to (re)start with Atomic ModSecurity

WebHostingAce

Silver Pleskian
Server operating system version
CentOS Linux 7.9.2009
Plesk version and microupdate number
18.0.56 Update #3
Hi All,

Since last week, Apache stopped working randomly with the error message below in the journalctl -u httpd.service

Starting The Apache HTTP Server...
Thu Nov 02 08:00:58.583389 2023] [so:warn] [pid 1365:tid 139844436576384] AH01574: module unique_id_module is already loaded, skipping
AH00526: Syntax error on line 35 of /etc/httpd/conf/modsecurity.d/rules/tortix/modsec/50_plesk_basic_asl_rules.conf:
ModSecurity: Found another rule with the same id
httpd.service: main process exited, code=exited, status=1/FAILURE
Failed to start The Apache HTTP Server.

By disabling and re-enabling the ModSecurity fix the issue temporarily.

Does anyone else experience the same issue?

Thank you.
 
There could be a "backup" directory somewhere like /etc/httpd/conf/modsecurity.d/rules/tortix.backup/. If so, simply move it out of the path into some path that is not in an "include" path of the web server configuration.
 
Thank you Peter.

There is this backup directory /etc/httpd/conf/modsecurity.d/rules/tortix.backup/ in every server but only this server having this issue.
 
Thank you Peter.

There is this backup directory /etc/httpd/conf/modsecurity.d/rules/tortix.backup/ in every server but only this server having this issue.

@WebHostingAce

Please check line 35 of

/etc/apache2/modsecurity.d/rules/tortix/modsec/tortix_waf.conf

and verify whether it contains

SecAuditLog logs/audit_log


If that is the case, then a referral has been made to a non-existing directory, hence causing Apache to fail to start.

Simple solution, run the command : mkdir /etc/apache2/logs && touch /etc/apache2/logs/audit_log

Please note that any edit of the tortix_waf.conf file will be overwritten.


It is highly recommended that you first inspect the output of Apache, when doing a manual stop/start sequence.

That can give you more indications of where to look at, since the issue can be related to many well-known and not-so-well-known Apache issues.


I hope the above helps a bit.......


Kind regards....
 
Thank you @trialotto

I checked this.

The issue was showing as,
AH00526: Syntax error on line 35 of /etc/httpd/conf/modsecurity.d/rules/tortix/modsec/50_plesk_basic_asl_rules.conf:
ModSecurity: Found another rule with the same id

Upon checking the Rule ID in
AH00526: Syntax error on line 35 of /etc/httpd/conf/modsecurity.d/rules/tortix/modsec/50_plesk_basic_asl_rules.conf:

I did a grep to the whole / to see if this Rule ID was mentioned anywhere else in the server. But did not find any duplicate.
 
Please install Plesk 18.0.57 #2 (update) and check if this fixes it, because that update includes a fix for an Atomic issue.
 
Back
Top