Atomic Secure Linux
Post subject: BUG - SecResponseBodyLimit
Posted: Thu Aug 02, 2012 11:39 am
Forum User

Joined: Mon Oct 31, 2011 11:47 am
Posts: 85
Location: UK
Hello,

running asl -s -f seems to append the current SecResponseBodyLimit value to the end of the existing value in /etc/httpd/modsecurity.d/tortix_waf.conf. Bug can be replicated by running
Code:
# asl -s -f
ASL visual interface only shows one instance of the value but tortix_waf.conf returns the true value.

Prevents apache from restarting:

Code:
[root]# service httpd restart
Stopping httpd:                                            [  OK  ]
Starting httpd: [Thu Aug 02 16:32:15 2012] [warn] module security2_module is already loaded, skipping
Syntax error on line 7 of /etc/httpd/modsecurity.d/tortix_waf.conf:
ModSecurity: Invalid value for SecResponseBodyLimit: 26214402621440262144026214402621440
                                                           [FAILED]


If I edit tortix_waf.conf directly and change the value then restart apache any subsequent run of
Code:
# asl -s -f
will re-append the SecResponseBodyLimit value to itself.
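
A pre-restart guard for the failure reported in the post above, as an added example that is not part of the original post or of ASL: it reads SecResponseBodyLimit from a config file and reports when the value is one number appended to itself. The function names, the constructed sample config and the 1 GiB ceiling (`MAX_LIMIT`) are assumptions.

```sh
#!/bin/sh
MAX_LIMIT=1073741824   # assumed ceiling (1 GiB); set it to what your build accepts

# Print the shortest digit group that, repeated 2+ times, rebuilds $1.
repeated_unit() (
    v=$1; n=${#v}; len=2
    while [ "$len" -le $((n / 2)) ]; do
        if [ $((n % len)) -eq 0 ]; then
            unit=$(printf "%.${len}s" "$v"); built=""; i=0
            while [ "$i" -lt $((n / len)) ]; do built=$built$unit; i=$((i + 1)); done
            if [ "$built" = "$v" ]; then echo "$unit"; return 0; fi
        fi
        len=$((len + 1))
    done
    return 1
)

# Classify one value: ok | invalid:not-numeric | invalid:too-large | invalid:self-appended:<unit>
classify_limit() (
    v=$1
    case $v in ''|*[!0-9]*) echo "invalid:not-numeric"; return 1 ;; esac
    s=$v
    while [ "${#s}" -gt 1 ] && [ "${s#0}" != "$s" ]; do s=${s#0}; done
    # Compare digit counts first: the values in this thread overflow shell arithmetic.
    if [ "${#s}" -lt "${#MAX_LIMIT}" ] ||
       { [ "${#s}" -eq "${#MAX_LIMIT}" ] && [ "$s" -le "$MAX_LIMIT" ]; }; then
        echo "ok"; return 0
    fi
    if unit=$(repeated_unit "$v"); then echo "invalid:self-appended:$unit"
    else echo "invalid:too-large"; fi
    return 1
)

# Check every uncommented SecResponseBodyLimit line in the file given as $1.
check_conf() (
    rc=0
    for v in $(awk 'tolower($1) == "secresponsebodylimit" { print $2 }' "$1"); do
        status=$(classify_limit "$v") || rc=1
        echo "SecResponseBodyLimit $v -> $status"
    done
    return "$rc"
)

# Constructed sample: the value from the error message in this thread.
sample=$(mktemp)
printf '%s\n' '# constructed sample' 'SecResponseBodyAccess On' \
    'SecResponseBodyLimit 26214402621440262144026214402621440' > "$sample"
check_conf "$sample" || echo "config rejected: do not restart httpd"
rm -f "$sample"
```

Run `check_conf` against /etc/httpd/modsecurity.d/tortix_waf.conf after a rule update and before restarting; `apachectl configtest` catches the same syntax error but does not say that the value was appended to itself.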


Post subject: Re: BUG - SecResponseBodyLimit
Posted: Thu Aug 02, 2012 3:14 pm
Long Time Forum Regular

Joined: Thu Dec 09, 2004 11:19 am
Posts: 1844
That's odd. I'm not seeing this and happened to have updated to 3.0.31-1 this afternoon on three systems. I wonder what's going on. Very odd.

Check your /var/asl/data/templates/template-tortix_waf.conf -- does it have the duplicate lines?

Faris.

_________________
--------------------------------
<advert>
If you want to rent a UK-based VPS that comes with friendly advice and support from a fellow ART fan, please get in touch.
</advert>


Post subject: Re: BUG - SecResponseBodyLimit
Posted: Thu Aug 02, 2012 4:55 pm
Forum User

Joined: Wed Mar 19, 2008 10:22 pm
Posts: 98
I'm seeing this same error now.

[root@---.com]# asl -u
Checking for updates..
ASL version is current: 3.0.31-1.el5.art [OK]
APPINV rules are current: 201201041122 [OK]
Updating CLAMAV to 201208021258: updated [OK]
Updating GEOMAP to 201208021256: updated [OK]
Updating MODSEC to 201208021257: updated [OK]
Updating Anti-Spam Protection: updated [OK]
Updating Attack Protection: updated [OK]
Updating Dataloss Protection: updated [OK]
Updating Malware Protection: updated [OK]
Updating Rootkit Protection: updated [OK]
Updating Shell Protection: updated [OK]
Error: There is a problem with the apache config

[Thu Aug 02 13:51:33 2012] [warn] module ssl_module is already loaded, skipping
Syntax error on line 7 of /etc/httpd/modsecurity.d/tortix_waf.conf:
ModSecurity: Invalid value for SecResponseBodyLimit: 2621440262144026214402621440

Rolling back to the previous update.

OSSEC rules are current: 201207191056 [OK]
[root@---.com]#


Post subject: Re: BUG - SecResponseBodyLimit
Posted: Fri Aug 03, 2012 10:36 pm
Forum User

Joined: Sat Jan 21, 2012 6:37 pm
Posts: 98
Location: Canada
I had this also.

I also have an error on asl -s -f command now that wasn't there before.
Fatal error: lookup-function - undefined function: preg_filter in waf_check.php on line 63


Post subject: Re: BUG - SecResponseBodyLimit
Posted: Sat Aug 04, 2012 10:26 am
Long Time Forum Regular

Joined: Thu Dec 09, 2004 11:19 am
Posts: 1844
@spurdy: check that your version of mod_security is up to date. A new version was released very recently in the asl repo and I wonder if that might solve your problem?

Post subject: Re: BUG - SecResponseBodyLimit
Posted: Sat Aug 04, 2012 12:08 pm
Forum User

Joined: Sat Jan 21, 2012 6:37 pm
Posts: 98
Location: Canada
This started yesterday, and again last night my entire apache was down for 4 hours because of the tortix_waf.conf being changed again. I just updated mod_security 3-4 days ago.

I use cPanel so I do a re-compile of apache to get the latest. Should I do another one? I did one late July 31st.


Post subject: Re: BUG - SecResponseBodyLimit
Posted: Sat Aug 04, 2012 12:34 pm
Forum User

Joined: Sat Jan 21, 2012 6:37 pm
Posts: 98
Location: Canada
I should mention I've been on 3.0.31 for some time without an issue. It was an update that happened just yesterday that has done this. Is there a way to go back?

asl -s -f is causing it to add another 2621440 to that file. I can't have the server going down all day because of that.

I guess I'll turn off updates so that nothing gets run hopefully.


Post subject: Re: BUG - SecResponseBodyLimit
Posted: Sun Aug 05, 2012 8:41 am
Forum User

Joined: Sat Jul 14, 2012 4:03 pm
Posts: 14
Location: NorthAmerica
redpaint wrote:
Hello,

running asl -s -f seems to append the current SecResponseBodyLimit value to the end of the existing value in /etc/httpd/modsecurity.d/tortix_waf.conf. Bug can be replicated by running
Code:
# asl -s -f
ASL visual interface only shows one instance of the value but tortix_waf.conf returns the true value.

Prevents apache from restarting:

Code:
[root]# service httpd restart
Stopping httpd:                                            [  OK  ]
Starting httpd: [Thu Aug 02 16:32:15 2012] [warn] module security2_module is already loaded, skipping
Syntax error on line 7 of /etc/httpd/modsecurity.d/tortix_waf.conf:
ModSecurity: Invalid value for SecResponseBodyLimit: 26214402621440262144026214402621440
                                                           [FAILED]


If I edit tortix_waf.conf directly and change the value then restart apache any subsequent run of
Code:
# asl -s -f
will re-append the SecResponseBodyLimit value to itself.


Same thing has happened since yesterday afternoon, and had to turn off Nginx in Plesk as it was blocking websites and showing an "error 502" with Nginx printed on the page. The only way to get everything back was to turn off auto updates in the GUI and edit the tortix_waf.conf to a lower value. Also in the tortix_waf.conf file there were several instances added to the bottom referring to rejecting a response file. Never seen this all before, it was working so good. :(


Post subject: Re: BUG - SecResponseBodyLimit
Posted: Mon Aug 06, 2012 7:53 pm
Forum User

Joined: Sat Jul 14, 2012 4:03 pm
Posts: 14
Location: NorthAmerica
Somebody seems to have got the bug spray out :) Let's see how it goes over the next few hours (http://atomicorp.com/forums/viewtopic.php?f=8&t=6142). wafcong is now normal, just checked it.


Post subject: Re: BUG - SecResponseBodyLimit
Posted: Tue Aug 07, 2012 12:28 pm
Forum User

Joined: Sat Jan 21, 2012 6:37 pm
Posts: 98
Location: Canada
Yeah update seems to have fixed the issue for me too. :)

Although I think I'll leave auto updates off now. I probably should have been doing that before. :P

