Syntax error on line 59 of /etc/httpd/conf.d/mod_security.conf: ModSecurity: No action id present within the rule
I applied two updates and tried to add a sub-domain and then this started popping up then I try clicking apply changes in Webmin - Servers - Apache - Apply Changes.
My new sub-domain has not taken effect and I don’t want to restart apache in case it now fails to start.
That section of mod_security show:-
# Verify that we've correctly processed the request body.
# As a rule of thumb, when failing to process a request body
# you should reject the request (when deployed in blocking mode)
# or log a high-severity alert (when deployed in detection-only mode).
SecRule REQBODY_PROCESSOR_ERROR "!@eq 0" \
"phase:2,t:none,log,deny,msg:'Failed to parse request body.',severity:2"
Well, it sounds like something either with mod_security, or the mod_security rules, changed recently.
In a pinch, you can always comment out those lines.
However, searching on the text “REQBODY_PROCESSOR_ERROR” in my mod_security rules dir, that rule on my system looks like this:
SecRule REQBODY_PROCESSOR_ERROR “!@eq 0” “t:none,phase:2,deny,log,auditlog,status:400,msg:‘Request Body Parsing Failed. %{REQBODY_PROCESSOR_ERROR_MSG}’,id:‘960912’,severity:‘2’”
You could always see if using that works for you. Different mod_security versions use different syntax, so it’s possible that neither of the above is correct for your version But it can’t hurt to try that out.
Well, the ruleset I’m using on my Ubuntu system appears to be organized a different way than what you’re using. So it may not work on your system to just copy that file.
However, you can see the current mod_security rules here: