- Comodo ruleset in ModSecurity does not work with one of the following errors in
CONFIG_TEXT: Message: collection_store: Failed to write to DBM file "/var/cache/modsecurity/ip": Invalid argument
CONFIG_TEXT: Message: collection_store: Failed to access DBM file "/var/cache/modsecurity/ip": No such file or directory
- Server performance is poor. The memory usage is very high.
/var/cache/modsecurity/ip.pag file is very large (several GBs).
- Apache stopped working. The following error can be found on Plesk homepage:
PLESK_ERROR: Unable to generate the web server configuration file on the host <example.com> because of the following errors:
Template_Exception: Can not restart web server: httpd stop failed
27 /usr/sbin/apache2 processes are killed
The issue is caused by the BruteForce ruleset on the Comodo side.
- Connect to the server using SSH.
- Install the latest version of the Comodo ruleset, where the issue is resolved (1.142):
# /usr/local/psa/bin/sw-engine-pleskrun /usr/local/psa/admin/plib/DailyMaintainance/script.php -f UpdateModSecurityRuleSet
- Make sure that the version is 1.142 or higher by running the following command:
- for RedHat-based OSes
# cat /etc/httpd/conf/modsecurity.d/rules/comodo/rules.dat
- for Debian-based OSes
# cat /etc/apache2/modsecurity.d/rules/comodo/rules.dat
If it does not help, use one of the following workarounds:
- Switch off and then switch on ModSecurity in Tools & Settings > Web Application Firewall (ModSecurity).
-k key to remove expired elements from ip.pag.
The information regarding this utility can be found here.
- Reduce SecCollectionTimeout to 600 sec (the default value is 1 hour). This option specifies the time-out after which old records in IP collection storage are deleted. It should help to prevent /var/cache/modsecurity/ip.pag from growing.
To do this, open Tools & Settings > Web Application Firewall (ModSecurity) > Settings and specify the following value in Custom directives:
Create the /var/cache/modsecurity/ directory if it does not exist, with the following permissions:
# ls -ld /var/cache/modsecurity/
drwxr-xr-x 2 apache root 4096 Jun 29 18:37 /var/cache/modsecurity/
If the ip.pag file is present in /var/cache/modsecurity/ and has a huge size, clear it:
- Switch off ModSecurity in Tools & Settings > Web Application Firewall (ModSecurity).
- Run the following command to clear the file:
# echo "" > /var/cache/modsecurity/ip.pag
- Switch on ModSecurity.
Initialization rule in Tools & Settings > Web Application Firewall (ModSecurity) > select Bruteforce from the list of active rules and move to deactivated > OK:
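
The directory-permission and ip.pag size checks from the workarounds above can be scripted for monitoring. The following is an added example, not part of the original article or of Plesk tooling; the function name, the return codes and the 1 GiB default threshold are assumptions, and it relies on GNU stat.

```shell
#!/bin/sh
# Added example: health check for the ModSecurity persistent-collection
# directory. Function name, return codes and the default limit are
# illustrative assumptions, not Plesk or ModSecurity conventions.

# check_modsec_cache DIR EXPECTED_OWNER [MAX_BYTES]
# Returns 0 = healthy, 1 = directory missing,
#         2 = wrong owner or mode, 3 = ip.pag larger than MAX_BYTES.
check_modsec_cache() {
    local dir="$1" owner="$2" max="${3:-1073741824}"
    local pag="$dir/ip.pag"

    if [ ! -d "$dir" ]; then
        echo "MISSING: $dir does not exist"
        return 1
    fi

    # The listing in the article shows drwxr-xr-x (755), owned by the
    # web server user (apache in that listing).
    local meta
    meta=$(stat -c '%U %a' "$dir")
    if [ "$meta" != "$owner 755" ]; then
        echo "PERMS: $dir is '$meta', expected '$owner 755'"
        return 2
    fi

    if [ -f "$pag" ]; then
        local apparent allocated
        apparent=$(stat -c '%s' "$pag")
        # DBM page files can be sparse, so also report the space that is
        # actually allocated on disk (block count * block size).
        allocated=$(( $(stat -c '%b' "$pag") * $(stat -c '%B' "$pag") ))
        echo "ip.pag: apparent=${apparent}B allocated=${allocated}B limit=${max}B"
        if [ "$apparent" -gt "$max" ]; then
            echo "OVERSIZE: ip.pag exceeds the limit"
            return 3
        fi
    fi

    echo "OK: $dir"
    return 0
}

# Example call: check_modsec_cache /var/cache/modsecurity apache
```

A non-zero return code can be wired into cron or a monitoring agent so that a growing ip.pag is noticed before Apache fails to restart.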