• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

Forwarded to devs Modsecurity issue with Comodo rules set. Missing folder: /var/cache/modsecurity/

Azurel

Azurel

Silver Pleskian
User name: Azurel

TITLE

Modsecurity issue with Comodo rules set. Missing folder: /var/cache/modsecurity/

PRODUCT, VERSION, OPERATING SYSTEM, ARCHITECTURE

Plesk Obsidian 18.0.28, CentOS Linux 7.8.2003

PROBLEM DESCRIPTION

After switch from Atomic (free) to Comodo (free) rule sets many ips were banned.

This folder is missing: /var/cache/modsecurity/

Code: 
# ls -ld /var/cache/modsecurity/
ls: cannot access /var/cache/modsecurity/: No such file or directory

error.log
[Tue Aug 04 16:05:53.773474 2020] [:error] [pid 16755] [client USER_IPv4:38102] [client USER_IPv4] ModSecurity: collections_remove_stale: Failed to access DBM file "/var/cache/modsecurity/global": No such file or directory [hostname "www.example.de"] [uri "/index.php"] [unique_id "XylrQam5mugGmg2ui-f5GgAAAAQ"], referer: https://www.example.de/
[Tue Aug 04 16:05:53.773539 2020] [:error] [pid 16755] [client USER_IPv4:38102] [client USER_IPv4] ModSecurity: collections_remove_stale: Failed to access DBM file "/var/cache/modsecurity/ip": No such file or directory [hostname "www.example.de"] [uri "/index.php"] [unique_id "XylrQam5mugGmg2ui-f5GgAAAAQ"], referer: https://www.example.de/
Click to expand...

With this plesk-modsecurity detect entry in /var/log/modsec_audit.log and after few entries jail recidive ban ips for a week.

STEPS TO REPRODUCE

Switch ModSecurity rules set to "Comodo".

ACTUAL RESULT

Bans many many legal users.

EXPECTED RESULT

No bans. ^^

ANY ADDITIONAL INFORMATION

This issue in plesk is 3 years old. I found a article for this ModSecurity on Plesk server reports errors: collection_store: Failed to access DBM file "/var/cache/modsecurity/": No such file or directory
But that is not a solution. Plesk should check the folder exists! I have hundred of users banned, only because I set Comodo as rules set.

YOUR EXPECTATIONS FROM PLESK SERVICE TEAM

Confirm bug
 
Last edited:
You must log in or register to reply here.

Similar threads

R
Issue Problem with web application firewall - file extension is restricted by policy
Replies
3
Views
490
Linulex
Linulex
finbarr69
Resolved /var/awp/etc/config: No such file or directory, Failed to update the ModSecurity rule set
Replies
5
Views
2K
8tango
8
U
Issue Error message ID 19494#0, 5467#0 and ModSecurity
Replies
3
Views
2K
Peter Debik
P
Azurel
Issue ModSecurity: Issue with Comodo rules set?
Replies
1
Views
2K
Azurel
Azurel
A
Issue ModSecurity Rule in custom directives ignored
Replies
0
Views
1K
Abed
A
Back
Top