ModSecurity: Found another rule with the same id

Follow

Comments

5 comments

  • Avatar
    Integrator

    Bug #PPPM-3733 have been fixed in Plesk 12.5.30 Update 25

  • Avatar
    dither

    This problem also occurrs on Plesk Onyx 17.8.11 / Debian 9.5 with Comodo ModSecurity (subscription).

    I was trying to whitelist one ip such as:
    SecRule REMOTE_ADDR "^192\.168\.1\.1$" phase:1,id:210280,nolog,allow

    Plesk also reports the same error:
    "Invalid ModSecurity configuration: AH00526: Syntax error on line 1 of /etc/apache2/plesk.conf.d/modsecurity.conf: ModSecurity: Found another rule with the same id".

    Strangely modsecurity.conf file is empty.

  • Avatar
    Alexandr Redikultsev

    Hello, @dither!

    The bug in the article describes the issue that occurs regularly on any attempt to use ModSecurity, so I believe that the issue you are facing is having a different root cause.

    In order to troubleshoot it, I suggest the following action plan:

    1. Temporary switch ModSecurity to another rule set, for example Atomic Basic.

    2. Disable ModSecurity.

    3. Enable it back with Atomic Basic.

    4. Switch the rule set back to Comodo ModSecurity (subscription).

  • Avatar
    dither

    It was my mistake. I misunderstood the modsecurity's whitelist syntax.
    I thought by adding id:210280 that it would whitelist the IP for that particular rule's ID instead of being just the whitelist rule's ID.
    Everything works fine with comodo rules in Debian 9.5.

  • Avatar
    Alexandr Redikultsev

    Hello, @dither!

    I am glad that it's sorted out, thank you for sharing!

Please sign in to leave a comment.

Have more questions? Submit a request