Resolved Web Application Firewall crash after Upgrade from 12.5.30 to Onyx

[fabian koeppel]

Hello

I have Update my Server from Plesk 12.5.30 to Onyx and from Ubuntu 14.04 to 16.04
now i have the Problem when i have the Web Apllication Firewall ON so every morning ( all Day ) al Websites have the "Bad Gatteway 503 Error" Wehn i make OFF the Web Apllication Firewall All Websites run. I can Web Apllication Firewall OF and ON. now all websites Work again for 1 Day. On morning all websites again "Bad Gateway 503 Error"

fail2ban is not the Problem. I have this ON. And never ip is in Bann list. And i have also the IP from the server in whiteliste from fail2ban. The Problem is the Web Apllication Firewall. On Plesk 12.5.30 works Web Apllication Firewall perfect. Ond Onyx i have crash all day.

 

[UFHH01]

Hi fabian koeppel,

sorry, but your conclusion/investigation, that the "Web Application Firewall crashes" is just wrong.

As you might know, the "Web Application Firewall" is an apache - module ( ModSecurity ), so each time you "switch it on" or "switch it off", your apache - webserver will restart with the new configuration ( module on / module off ). With this information, you should now investigate the APACHE - log for errors/issues/problems and due to the fact that you state "every morning", it leads us to a combination of apache and your daily logrotation, where the root cause might be.

Plesk for Linux services logs and configuration files ( KB - article: 111 283 )​

Now that you are closer to a possible root cause, you should consider to use the => SEARCH option ( at the forum and at the => Plesk Knowledge-Base ) and you will be surprised, that your described issue, in combination with apache and logrotation has been discussed quite a few times at Plesk forum threads ( the today search result amount is 130 ) and Plesk even provides a suggestion in a depending KB - article, how you could solve such an issue.

=> https://talk.plesk.com/search/search?&keywords="apache"+"logrotate"

... leads us for example to: => #4 / => #5 / => #17 / ...
​

AND the already mentioned KB - article can be found at:

=> Apache crashes on reload: seg fault or similar nasty error detected in the parent process ( KB - article 128431 )​

 

[fabian koeppel]

oh thank you. i have read https://kb.plesk.com/128431 and i have absolut the same logs entries. /var/log/apache2/error.log.1 ( bevor apache make e new file ( logrotation) i have also

[timestamp] [mpm_event:notice] [pid 20056:tid 140176783820672] AH00493: SIGUSR1 received. Doing graceful restart
[timestamp] [core:notice] [pid 20056] AH00060: seg fault or similar nasty error detected in the parent process

on /var/log/apache2/error.log i do not have the entrie. Only on /var/log/apache2/error.log.1 bevor make a new log file. and crash timestamp is identical the error.log entrie.

I have make the following Resolutions As described in the article

1. mpm_event to mpm_prefork
2. Apache restart interval' to 60 seconds
3. Change "/etc/init.d/apache2 reload" to "/etc/init.d/apache2 restart

Whether problem solved, I'll see in about 24 hours. I will report here.

thanks.

 

[UFHH01]

Hi fabian koeppel,

pls. see as well: => #4
... for an additional point 4. to your work-around.

 

[fabian koeppel]

ah sorry i have not see the Point 4 whit /etc/logrotate.d/mod_security" now i have also change /etc/logrotate.d/mod_security" from
/etc/init.d/apache2 reload to
/etc/init.d/apache2 restart

thanks

I'll see in about 24 hours. I will report here.

 

[fabian koeppel]

Problem is fixed. Thank you UFHH01. Your solution has fixed it.

Here again summarized.

1. mpm_event to mpm_prefork ( in Plesk Webgui Home > Tools & Settings > Apache Web Server Settings )
2. Apache restart interval' to 60 seconds ( In Plesk Webgui Home > Tools & Settings > Apache Web Server Settings )
3. In /etc/logrotate.d/apache2 Change: "/etc/init.d/apache2 reload" to "/etc/init.d/apache2 restart
4. In /etc/logrotate.d/mod_security change: /etc/init.d/apache2 reload to /etc/init.d/apache2 restart