QuestionApache cannot be started if ModSecurity is enabled: failed to load IPs from: /etc/asl/whitelist
Symptoms
- Apache cannot be started if ModSecurity is enabled.
- The following error appears in /var/log/plesk/panel.log with the enabled debug logging:
ERR [panel] Unable to start service:
Unable to manage service by apache_control_adapter: ('start', 'web').
Error: Jan 13 17:42:26 uknet.eu systemd[1]: Starting The Apache HTTP Server...
httpd[9828]: AH00526: Syntax error on line 24 of /etc/httpd/conf/modsecurity.d/rules/tortix/modsec/tortix_waf.conf:
httpd[9828]: ModSecurity: failed to load IPs from: /etc/asl/whitelist
Could not open ipmatch file "/etc/asl/whitelist": No such file or directory
- aum.x86_64 package is missing:
#rpm -qa | grep aum
<empty output>#dpkg -l | grep aum
<empty output>Cause
Corrupted Modsecurity installation.
Resolution
1.Connect to the server via SSH.
2.Install the missing package:
For RedHat/CentOS:
#yum install aum --enablerepo tortix-common -yIf the step above did not help, install aum manually:
#wget -q -O - https://updates.atomicorp.com/installers/aum | shFor Debian/Ubuntu:
#wget -q -O - https://www.atomicorp.com/RPM-GPG-KEY.art.txt | apt-key add -#apt-get update
#apt-get install aum -y
If the above actions did not help consider applying the following workaround:
- Log in to Plesk.
- Go to Tools & Settings > Web Application Firewall (ModSecurity) and enable the web application firewall.
- Set ruleset to any non-atomic ruleset, for example, Comodo and press OK to apply changes.
- After that, again open Tools & Settings > Web Application Firewall (ModSecurity) > Settings tab and switch to the Atomic ruleset.