нужна ваша помощь с ошибкой. (используется debian 7, Vesta Version: 0.9.8 Release: 5) не запускается апач на мыло приходит сообщение с данной ошибкой
Usage: /etc/init.d/apache2 {start|stop|graceful-stop|restart|reload|force-reload|start-htcacheclean|stop-htcacheclean|status}.
Syntax error on line 16 of /home/dns-cluster/conf/web/sapache2.conf:
Invalid command ‘SSLRequireSSL’, perhaps misspelled or defined by a module not included in the server configuration
Action ‘configtest’ failed.
The Apache error log may have more information.
failed!
как вы заметили все происходит под юзером dns-cluster может это как то влияет.
в логах выдает [error] 28491#0: *520 SSL_do_handshake() failed (SSL: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol)
запуск команды /etc/init.d/apache2 configtest так же ничего не выводит пишет что все ОК.
PS пользователя dns-cluster пришлось использовать для добавления веб-домена потому что под любым другим пользователем ДНС запись этого домена не обновлялась.
Operating System (OS/VERSION):
Ubuntu 16.04.5 LTS
VestaCP Version:
0.9.8-23
Installed Software (what you got with the installer):
Apache, Proxy Nginx, PHP, proFTP, mysql,
Steps to Reproduce:
Since a few days ago, I have noticed that Apache is not started and I have to run v-rebuilt-user admin to make it all work again.
Analyzing the server logs, I have observed the following:
In /var/log/apache2/error.log
[Mon Jan 28 04:33:04.392342 2019] [mpm_prefork:notice] [pid 13751] AH00171: Graceful restart requested, doing restart
[Tue Jan 29 04:33:04.080522 2019] [mpm_prefork:notice] [pid 26592] AH00171: Graceful restart requested, doing restart
Look the hour: 04:33
If I check the cron jobs:
`# crontab -l -u admin
15 02 * * * sudo /usr/local/vesta/bin/v-update-sys-queue disk
10 00 * * * sudo /usr/local/vesta/bin/v-update-sys-queue traffic
30 03 * * * sudo /usr/local/vesta/bin/v-update-sys-queue webstats
*/5 * * * * sudo /usr/local/vesta/bin/v-update-sys-queue backup
10 05 * * * sudo /usr/local/vesta/bin/v-backup-users
20 00 * * * sudo /usr/local/vesta/bin/v-update-user-stats
*/5 * * * * sudo /usr/local/vesta/bin/v-update-sys-rrd
33 4 * * * sudo /usr/local/vesta/bin/v-update-letsencrypt-ssl`
Last cronjob runs at the same time Apache has to restart.
If I run the v-update-letsencrypt-ssl script:
# v-update-letsencrypt-ssl domain.com Error: apache2 restart failed domain2.com Error: apache2 restart failed domain3.com Error: apache2 restart failed [...]
All domains failed when apache restart :/
In script I see this:
msg=$($BIN/v-add-letsencrypt-domain $user $domain $aliases)
if [ $? -ne 0 ]; then
echo «$domain $msg»
fi
I see that these two lines are related:
echo "$domain $msg" domain.com Error: apache2 restart failed
Therefore, I have manually executed the following script:
v-add-letsencrypt-domain admin domain.com www.domain.com
And the output is this:
Error: apache2 restart failed Error: apache2 restart failed
After the error, I checked the Apache configuration file:
# apachectl -f pwd/sapache2.conf apache2: Syntax error on line 295 of /home/admin/conf/web/sapache2.conf: </VirtualHost> without matching <VirtualHost> section Action '-f /home/admin/conf/web/sapache2.conf' failed. The Apache error log may have more information.
In the VirtualHost of the domain I have tried to renew the SSL, appears without the first line of VirtualHost:
<VirtualHost [IP_Server]:8443>
I’ve also found that by changing the Apache template for the domain and then reapplying the one I had, the problem is solved.
Содержание
- Vesta Control Panel — Forum
- Cannot change apache web template
- Apache2 fails to restart because template is broken #1816
- Comments
- Operating System (OS/VERSION):
- VestaCP Version:
- Installed Software (what you got with the installer):
- Steps to Reproduce:
- Vesta Control Panel — Forum
- Не могу установить VestaCP.
- Vesta Control Panel — Forum
- Error: httpd restart failed
- Vesta Control Panel — Forum
- Nginx fails to restart after enabling SSL Support; Site goes down
Vesta Control Panel — Forum
Cannot change apache web template
Cannot change apache web template
Post by webass » Wed Aug 17, 2016 8:03 pm
then it happened, that it deleted the conf completely.
and all domains got redirected to the domain running under a second user .
Then I had to install the complete thing in virtualbox to get my apache2.conf back.
Still the one domain makes thi sproblems, which uses the webtemplate I want to change.
Totally not getting why it doesnt write into it also anymore.
Sorry. Its hard to explain.
It doesnt work over the panel and also not over the CLI.
When I do it on a subdomain for example, I get:
which is anywhere in between the virtual hosts.
and apache restarts fine again.
But this doesnt work on the one domain which uses the «broken» web template I want it to stop to use
Very strange stuff.
Now, I wanted to delete the sub domain I changed the webtemplate on for testing, and it gives this:
Re: Cannot change apache web template
Post by webass » Thu Aug 18, 2016 7:19 am
Re: Cannot change apache web template
Post by webass » Thu Aug 18, 2016 7:27 am
One line free on top and also on /home/admin/conf/web/apache2.conf I did so.
and nothing helped.
I want to have the site use the default-tpl instead the other one, where I just wanted the fcgid to become with 256 MB memory limit. Thas why I created it long ago.
Re: Cannot change apache web template
Post by webass » Thu Aug 18, 2016 7:56 am
Well, not sure what you mean.
I did a rebuild web on admin the other day, that messed my whole server up.
I think you dont mean to make this again.
I go to panel or either do it on CLI when using another template.
Then it makes these errors.
In apache2.conf nothing happens other than the is ADDED anywhere.
The domain I want to change doesnt even HAVE a virtual host entry in apache2.conf.
When I add it manually it only is taken «by half».
LOL, now you know, when I go to the domain and save it WITH the template it anyway uses, then it saves without error, but in apache2.conf still no entry created for this domain. Thats why its not reachable at all over web.
And now, I tested it on another domain to set from default-tpl to fcgid-tpl.
result: It cannot restart apache2
Источник
Apache2 fails to restart because template is broken #1816
Operating System (OS/VERSION):
Ubuntu 16.04.5 LTS
VestaCP Version:
Installed Software (what you got with the installer):
Apache, Proxy Nginx, PHP, proFTP, mysql,
Steps to Reproduce:
Since a few days ago, I have noticed that Apache is not started and I have to run v-rebuilt-user admin to make it all work again.
Analyzing the server logs, I have observed the following:
[Mon Jan 28 04:33:04.392342 2019] [mpm_prefork:notice] [pid 13751] AH00171: Graceful restart requested, doing restart
[Tue Jan 29 04:33:04.080522 2019] [mpm_prefork:notice] [pid 26592] AH00171: Graceful restart requested, doing restart
Look the hour: 04:33
If I check the cron jobs:
`# crontab -l -u admin
15 02 * * * sudo /usr/local/vesta/bin/v-update-sys-queue disk
10 00 * * * sudo /usr/local/vesta/bin/v-update-sys-queue traffic
30 03 * * * sudo /usr/local/vesta/bin/v-update-sys-queue webstats
*/5 * * * * sudo /usr/local/vesta/bin/v-update-sys-queue backup
10 05 * * * sudo /usr/local/vesta/bin/v-backup-users
20 00 * * * sudo /usr/local/vesta/bin/v-update-user-stats
*/5 * * * * sudo /usr/local/vesta/bin/v-update-sys-rrd
33 4 * * * sudo /usr/local/vesta/bin/v-update-letsencrypt-ssl`
Last cronjob runs at the same time Apache has to restart.
If I run the v-update-letsencrypt-ssl script:
# v-update-letsencrypt-ssl domain.com Error: apache2 restart failed domain2.com Error: apache2 restart failed domain3.com Error: apache2 restart failed [. ]
All domains failed when apache restart :/
In script I see this:
msg=$($BIN/v-add-letsencrypt-domain $user $domain $aliases)
if [ $? -ne 0 ]; then
echo «$domain $msg»
fi
I see that these two lines are related:
echo «$domain $msg» domain.com Error: apache2 restart failed
Therefore, I have manually executed the following script:
v-add-letsencrypt-domain admin domain.com www.domain.com
And the output is this:
Error: apache2 restart failed Error: apache2 restart failed
After the error, I checked the Apache configuration file:
# apachectl -f pwd /sapache2.conf apache2: Syntax error on line 295 of /home/admin/conf/web/sapache2.conf: without matching section Action ‘-f /home/admin/conf/web/sapache2.conf’ failed. The Apache error log may have more information.
In the VirtualHost of the domain I have tried to renew the SSL, appears without the first line of VirtualHost:
I’ve also found that by changing the Apache template for the domain and then reapplying the one I had, the problem is solved.
The text was updated successfully, but these errors were encountered:
Источник
Vesta Control Panel — Forum
Не могу установить VestaCP.
Не могу установить VestaCP.
Post by Serhiyyy » Sat Jul 11, 2015 3:00 pm
Прошу у Вас помощи с установкой панели.
При вводе команды:
bash vst-install.sh
Запускается процесс установки и через 10 секунд после заполнения информации вылазит ошибка:
E: Malformed line 1 in source list /etc/apt/sources.list.d/nginx.list (dist parse)
E: The list of sources could not be read.
Reading package lists. Error!
E: Malformed line 1 in source list /etc/apt/sources.list.d/nginx.list (dist parse)
E: The list of sources could not be read.
E: The package lists or status file could not be parsed or opened.
Error: apt-get install failed
Помогите решить данную проблему.
ОС:
Distributor ID: Debian
Description: Debian GNU/Linux 8.1 (jessie)
Release: 8.1
Codename: jessie
Re: Не могу установить VestaCP.
Post by imperio » Sat Jul 11, 2015 3:45 pm
Re: Не могу установить VestaCP.
Post by mak » Sun Oct 04, 2015 6:31 pm
Re: Не могу установить VestaCP.
Post by imperio » Sun Oct 04, 2015 6:43 pm
Re: Не могу установить VestaCP.
Post by Shurik » Sun Oct 04, 2015 10:16 pm
Re: Не могу установить VestaCP.
Post by RUSb » Mon Oct 05, 2015 6:30 am
Re: Не могу установить VestaCP.
Post by skurudo » Mon Oct 05, 2015 7:06 am
Коллеги, посмотрите ваш файлик — /etc/apt/sources.list.d/nginx.list
Что-то с ним не так. Причем не так прямо в первой строке.
Покажите ее что ли.
Исправьте или закоментируйте.
PS: Возможно где-то она уже есть в source (но это вряд ли).
Re: Не могу установить VestaCP.
Post by RUSb » Mon Oct 05, 2015 7:24 am
skurudo wrote: Коллеги, посмотрите ваш файлик — /etc/apt/sources.list.d/nginx.list
Что-то с ним не так. Причем не так прямо в первой строке.
Покажите ее что ли.
Исправьте или закоментируйте.
PS: Возможно где-то она уже есть в source (но это вряд ли).
Ну там как бы 1 строчка, которая задаётся установочным скриптом, ну и проверяется она как я понимаю тоже при запуске самого скрипта. Пробовал править в самом скрипте, но что то тоже не очень вышло.
UPD
Может ему попросту ненравится debian 7.8 (собственно налетел на подобную проблему с установкой на 8ю версию дебиан (глаза же на затылок)) по каким то причинам, так как система чистая, и ставилась именно для установки панели и веб сервера, то попропбую сейчас накатить на centos
Источник
Vesta Control Panel — Forum
Error: httpd restart failed
Error: httpd restart failed
Post by ogeitblues » Mon Mar 05, 2018 1:29 pm
I tried to resolve this as best I could by google search. I paid for support on vestacp.com website but no one has contacted me yet. I am really in hot water right now. I need a kind person to help me.
For the last 2 days the httpd does not want to restart. For a while nginx also did not want to restart but I got it fix.
In Vestacp I get this message when I click httpd to restart: Error: httpd restart failed.
In the Terminal after typing this command «service httpd restart» I get this message:
Job for httpd.service failed because the control process exited with error code. See «systemctl status httpd.service» and «journalctl -xe» for details.
systemctl status httpd.service
● httpd.service — The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Mon 2018-03-05 07:36:33 EST; 2min 46s ago
Process: 7234 ExecStop=/bin/kill -WINCH $ (code=exited, status=1/FAILURE)
Process: 7232 ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND (code=exited, status=1/FAILURE)
Main PID: 7232 (code=exited, status=1/FAILURE)
Mar 05 07:36:32 vps105566.vps.ovh.ca systemd[1]: Starting The Apache HTTP Server.
Mar 05 07:36:33 vps105566.vps.ovh.ca httpd[7232]: AH00558: httpd: Could not reliably determine the server’s fully qualified domain name, using myserverdomain.com. Set the ‘ServerName’ directive globally to suppress this message
Mar 05 07:36:33 vps105566.vps.ovh.ca httpd[7232]: no listening sockets available, shutting down
Mar 05 07:36:33 vps105566.vps.ovh.ca httpd[7232]: AH00015: Unable to open logs
Mar 05 07:36:33 vps105566.vps.ovh.ca systemd[1]: httpd.service: main process exited, code=exited, status=1/FAILURE
Mar 05 07:36:33 vps105566.vps.ovh.ca kill[7234]: kill: cannot find process «»
Mar 05 07:36:33 vps105566.vps.ovh.ca systemd[1]: httpd.service: control process exited, code=exited status=1
Mar 05 07:36:33 vps105566.vps.ovh.ca systemd[1]: Failed to start The Apache HTTP Server.
Mar 05 07:36:33 vps105566.vps.ovh.ca systemd[1]: Unit httpd.service entered failed state.
Mar 05 07:36:33 vps105566.vps.ovh.ca systemd[1]: httpd.service failed.
—————————-
The no listening sockets available, shutting down
httpd port 8080 and 8443 are not used by any other services.
It could be the AH00015: Unable to open logs.
Источник
Vesta Control Panel — Forum
Nginx fails to restart after enabling SSL Support; Site goes down
Nginx fails to restart after enabling SSL Support; Site goes down
Post by h2p » Sat Dec 17, 2016 3:52 pm
After Enabling SSL Support and entering required keys, and then hitting Save, the settings get saved but the site goes down and nginx fails to restart.
Nginx error log gives the following:
CODE: SELECT ALL
2016/11/02 18:59:29 [emerg] 8687#8687: bind() to 104.131.90.2:443 failed (98: Address already in use)
2016/11/02 18:59:29 [emerg] 8687#8687: bind() to 104.131.90.2:443 failed (98: Address already in use)
2016/11/02 18:59:29 [emerg] 8687#8687: bind() to 104.131.90.2:443 failed (98: Address already in use)
2016/11/02 18:59:29 [emerg] 8687#8687: still could not bind()
2016/11/02 18:59:54 [emerg] 8922#8922: bind() to 104.131.90.2:443 failed (98: Address already in use)
2016/11/02 18:59:54 [emerg] 8922#8922: bind() to 104.131.90.2:443 failed (98: Address already in use)
2016/11/02 18:59:54 [emerg] 8922#8922: bind() to 104.131.90.2:443 failed (98: Address already in use)
2016/11/02 18:59:54 [emerg] 8922#8922: bind() to 104.131.90.2:443 failed (98: Address already in use)
2016/11/02 18:59:54 [emerg] 8922#8922: bind() to 104.131.90.2:443 failed (98: Address already in use)
2016/11/02 18:59:54 [emerg] 8922#8922: still could not bind()
BUT if I reboot the server, Nginx starts up and I can access the site with both ‘http’ and with ‘https’ but I get 500 Internal Server on the page and 502 Bad Gateway in browser console. This error goes away if I disable the SSL support from VestaCP panel and reboot the server.
For your consideration:
nginx version: nginx/1.10.2
vesta — core package Version:0.9.8 (amd64) Release:16
Источник
I am trying to use domain for my localhost instead of localhost or 127.0.0.1
I have added a configuration file myconfig.conf in sites-availbale
I also have enabled it using sudo a2ensite myconfig.conf
When I restart apache2 server using sudo sudo systemctl restart apache2,
I get error as
Job for apache2.service failed because the control process exited with error code. See "systemctl status apache2.service" and "journalctl -xe" for details.
I reinstalled apache2 by uninstalling it but it gives error as
Job for apache2.service failed because the control process exited with error code. See "systemctl status apache2.service" and "journalctl -xe" for details.
invoke-rc.d: initscript apache2, action "start" failed.
Output of sudo journalctl -xe
May 26 12:42:51 vostro-tbe gnome-session[2123]: GET /chrome HTTP/1.1
May 26 12:42:52 vostro-tbe gnome-session[2123]: GET /chrome HTTP/1.1
May 26 12:42:53 vostro-tbe gnome-session[2123]: GET /chrome HTTP/1.1
May 26 12:42:54 vostro-tbe gnome-session[2123]: GET /chrome HTTP/1.1
May 26 12:42:55 vostro-tbe gnome-session[2123]: GET /chrome HTTP/1.1
May 26 12:42:56 vostro-tbe gnome-session[2123]: GET /chrome HTTP/1.1
May 26 12:42:57 vostro-tbe gnome-session[2123]: GET /chrome HTTP/1.1
May 26 12:42:58 vostro-tbe gnome-session[2123]: GET /chrome HTTP/1.1
May 26 12:42:59 vostro-tbe gnome-session[2123]: GET /chrome HTTP/1.1
May 26 12:43:00 vostro-tbe gnome-session[2123]: GET /chrome HTTP/1.1
May 26 12:43:01 vostro-tbe gnome-session[2123]: GET /chrome HTTP/1.1
May 26 12:43:02 vostro-tbe gnome-session[2123]: GET /chrome HTTP/1.1
May 26 12:43:03 vostro-tbe gnome-session[2123]: GET /chrome HTTP/1.1
May 26 12:43:04 vostro-tbe gnome-session[2123]: GET /chrome HTTP/1.1
May 26 12:43:05 vostro-tbe gnome-session[2123]: GET /chrome HTTP/1.1
May 26 12:43:06 vostro-tbe gnome-session[2123]: GET /chrome HTTP/1.1
May 26 12:43:07 vostro-tbe gnome-session[2123]: GET /chrome HTTP/1.1
May 26 12:43:08 vostro-tbe gnome-session[2123]: GET /chrome HTTP/1.1
May 26 12:43:09 vostro-tbe gnome-session[2123]: GET /chrome HTTP/1.1
May 26 12:43:10 vostro-tbe gnome-session[2123]: GET /chrome HTTP/1.1
May 26 12:43:11 vostro-tbe gnome-session[2123]: GET /chrome HTTP/1.1
May 26 12:43:12 vostro-tbe gnome-session[2123]: GET /chrome HTTP/1.1
May 26 12:43:13 vostro-tbe gnome-session[2123]: GET /chrome HTTP/1.1
May 26 12:43:14 vostro-tbe gnome-session[2123]: GET /chrome HTTP/1.1
May 26 12:43:15 vostro-tbe gnome-session[2123]: GET /chrome HTTP/1.1
May 26 12:43:16 vostro-tbe gnome-session[2123]: GET /chrome HTTP/1.1
May 26 12:43:17 vostro-tbe gnome-session[2123]: GET /chrome HTTP/1.1
May 26 12:43:18 vostro-tbe gnome-session[2123]: GET /chrome HTTP/1.1
May 26 12:43:19 vostro-tbe gnome-session[2123]: GET /chrome HTTP/1.1
May 26 12:43:20 vostro-tbe gnome-session[2123]: GET /chrome HTTP/1.1
May 26 12:43:21 vostro-tbe gnome-session[2123]: GET /chrome HTTP/1.1
May 26 12:43:22 vostro-tbe gnome-session[2123]: GET /chrome HTTP/1.1
May 26 12:43:22 vostro-tbe sudo[16839]: anuj : TTY=pts/1 ; PWD=/etc/apache2/sites-available ; USER=root ; COMMAND=/bin/journalctl -xe
May 26 12:43:22 vostro-tbe sudo[16839]: pam_unix(sudo:session): session opened for user root by anuj(uid=0)
Output of systemctl status apache2.service
● apache2.service - LSB: Apache2 web server
Loaded: loaded (/etc/init.d/apache2; bad; vendor preset: enabled)
Drop-In: /lib/systemd/system/apache2.service.d
└─apache2-systemd.conf
Active: failed (Result: exit-code) since Thu 2016-05-26 12:42:43 IST; 53s ago
Docs: man:systemd-sysv-generator(8)
Process: 16781 ExecStart=/etc/init.d/apache2 start (code=exited, status=1/FAILURE)
May 26 12:42:43 vostro-tbe apache2[16781]: *
May 26 12:42:43 vostro-tbe apache2[16781]: * The apache2 configtest failed.
May 26 12:42:43 vostro-tbe apache2[16781]: Output of config test was:
May 26 12:42:43 vostro-tbe apache2[16781]: apache2: Syntax error on line 140 of /etc/apache2/apache2.conf: Syntax error on line 2 of /etc/apache2/mods-enabled/php7.0.load: Cannot load /usr/lib/apache2/modules/libphp7.0.so
May 26 12:42:43 vostro-tbe apache2[16781]: Action 'configtest' failed.
May 26 12:42:43 vostro-tbe apache2[16781]: The Apache error log may have more information.
May 26 12:42:43 vostro-tbe systemd[1]: apache2.service: Control process exited, code=exited status=1
May 26 12:42:43 vostro-tbe systemd[1]: Failed to start LSB: Apache2 web server.
May 26 12:42:43 vostro-tbe systemd[1]: apache2.service: Unit entered failed state.
May 26 12:42:43 vostro-tbe systemd[1]: apache2.service: Failed with result 'exit-code'.
Output of sudo apache2ctl configtest
apache2: Syntax error on line 140 of /etc/apache2/apache2.conf: Syntax error on line 2 of /etc/apache2/mods-enabled/php7.0.load: Cannot load /usr/lib/apache2/modules/libphp7.0.so into server: /usr/lib/apache2/modules/libphp7.0.so: cannot open shared object file: No such file or directory
Action 'configtest' failed.
The Apache error log may have more information.
content of myconfig.conf
<VirtualHost *:80>
ServerAdmin admin@website.com
ServerName website.com
ServerAlias www.website.com
DocumentRoot /var/www/html/website
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
- Печать
Страницы: [1] Вниз
Тема: Апач не стартует «Action ‘start’ failed. The Apache error log may have more inf» (Прочитано 3992 раз)
0 Пользователей и 1 Гость просматривают эту тему.
taleb1
Здравствуйте,помогите пожалуйста.Хотел установить demo ispmanager при установки выбило ошибку,далее не работал apache.
Я его несколько раз пытался удалить,установить ну все равно выбивает ошибку:
/etc/init.d/apache2 restart
[….] Restarting web server: apache2apache2: Could not reliably determine the server’s fully qualified domain name, using root for ServerName
apache2: Could not reliably determine the server’s fully qualified domain name, using root for ServerName
(98)Address already in use: make_sock: could not bind to address [::]:80
(98)Address already in use: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
Unable to open logs
Action ‘start’ failed.
The Apache error log may have more information.
netstat -nta | grep :80
tcp 0 0 176.9.38.245:80 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:8083 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:8084 0.0.0.0:* LISTEN
tcp 0 0 176.9.38.245:80 93.120.145.96:56494 ESTABLISHED
tcp 0 0 176.9.38.245:80 91.214.82.66:51044 ESTABLISHED
tcp 0 0 176.9.38.245:80 89.151.178.161:56913 TIME_WAIT
tcp 0 1 176.9.38.245:80 5.18.96.34:55551 LAST_ACK
tcp 0 0 176.9.38.245:80 89.204.73.144:55932 ESTABLISHED
tcp 0 1 176.9.38.245:80 194.58.175.116:60852 FIN_WAIT1
tcp 0 0 176.9.38.245:80 93.120.145.96:56495 ESTABLISHED
tcp 0 0 176.9.38.245:80 178.151.136.165:53033 ESTABLISHED
tcp 0 0 176.9.38.245:80 93.120.145.96:56477 ESTABLISHED
tcp 0 0 176.9.38.245:80 82.208.124.253:35454 TIME_WAIT
tcp 0 0 176.9.38.245:80 92.101.101.22:49235 ESTABLISHED
tcp 0 0 176.9.38.245:80 89.204.73.144:55931 ESTABLISHED
tcp 0 1 176.9.38.245:80 213.88.54.57:54122 FIN_WAIT1
tcp 0 1 176.9.38.245:80 5.18.96.34:55552 LAST_ACK
tcp 0 0 176.9.38.245:80 95.154.175.104:64385 ESTABLISHED
tcp 0 0 176.9.38.245:80 46.242.108.172:62164 TIME_WAIT
tcp 0 0 176.9.38.245:80 93.120.145.96:56493 ESTABLISHED
/etc/apache2/ports.conf
NameVirtualHost *:80
Listen 80
Помогите:)
« Последнее редактирование: 24 Апреля 2015, 00:42:56 от taleb1 »
fisher74
The Apache error log may have more information.
Не?
taleb1
Можете скинуть команды которые помогут решить эти проблемы?Я чайник в этом.
Походу 80 порт занят,как его освободить?
Заранее спасибо
Protopopulus
Ошибка в ports.conf. Должно быть:
Listen 80И опционально (следущими строкми):
<IfModule ssl_module>
Listen 443
</IfModule>
<IfModule mod_gnutls.c>
Listen 443
</IfModule>
Если ты владеешь знаниями, то и знания владеют тобой. (с) Protopopulus
taleb1
Содержимое файла ports.conf
NameVirtualHost *:80
Listen 80<IfModule mod_ssl.c>
# If you add NameVirtualHost *:443 here, you will also have to change
# the VirtualHost statement in /etc/apache2/sites-available/default-ssl
# to <VirtualHost *:443>
# Server Name Indication for SSL named virtual hosts is currently not
# supported by MSIE on Windows XP.
Listen 443
</IfModule><IfModule mod_gnutls.c>
Listen 443
</IfModule>
Protopopulus
NameVirtualHost *:80 — ошибка. Нужно удалить эту строку.
UPD: Вру безжалостно. Не ошибка.
Можно посмотреть что заняло 80-й порт:
sudo lsof -i :80
« Последнее редактирование: 23 Апреля 2015, 23:42:42 от Protopopulus »
Если ты владеешь знаниями, то и знания владеют тобой. (с) Protopopulus
taleb1
sudo lsof -i :80
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
nginx 2902 root 11u IPv4 10549 0t0 TCP Debian-77-wheezy-64-LAMP:http (LISTEN)
nginx 2905 www-data 11u IPv4 10549 0t0 TCP Debian-77-wheezy-64-LAMP:http (LISTEN)
nginx 2905 www-data 18u IPv4 19902 0t0 TCP Debian-77-wheezy-64-LAMP:http->ppp92-100-79-155.pppoe.avangarddsl.ru:57727 (ESTABLISHED)
nginx 2905 www-data 19u IPv4 19903 0t0 TCP Debian-77-wheezy-64-LAMP:http->ppp92-100-79-155.pppoe.avangarddsl.ru:57726 (ESTABLISHED)
nginx 2905 www-data 23u IPv4 19961 0t0 TCP Debian-77-wheezy-64-LAMP:http->host94-210.lanoptic.ru:50003 (ESTABLISHED)
nginx 2905 www-data 25u IPv4 19963 0t0 TCP Debian-77-wheezy-64-LAMP:http->host94-210.lanoptic.ru:50002 (ESTABLISHED)
nginx 2906 www-data 11u IPv4 10549 0t0 TCP Debian-77-wheezy-64-LAMP:http (LISTEN)
Спасибо что помогаете решить эту проблему)))
Пользователь решил продолжить мысль [time]24 Апрель 2015, 01:58:18[/time]:
Эм у меня что 2 апача?Как убрать один из них?
/home/admin/conf/web/apache2.conf
/home/admin/conf/web/sapache2.conf
/etc/apache2/apache2.conf
find / -name apache2.conf
/home/admin/conf/web/apache2.conf
/root/vst_install_backups/1417116329/apache2/apache2.conf
/etc/apache2/apache2.conf
/usr/local/vesta/install/debian/apache2.conf
/usr/local/vesta/install/ubuntu/apache2.conf
« Последнее редактирование: 24 Апреля 2015, 01:13:42 от taleb1 »
Protopopulus
Ну, вывод показывает, что запущен nginx, поэтому, собственно, apache и не стартует.
Если ты владеешь знаниями, то и знания владеют тобой. (с) Protopopulus
taleb1
Сервер ранее настраивал прогер(сейчас контактов нет)
Можете скинуть решение чтобы работало,когда открываю сайт пишет
«500
Internal Server Error
Sorry, something went wrong 
«
Пожалуйста скиньте коды которые восстановят работу 
)))
Protopopulus
taleb1, что в логах?
tain -n 100 /var/log/apache2/error.log
Если ты владеешь знаниями, то и знания владеют тобой. (с) Protopopulus
taleb1
tain -n 100 /var/log/apache2/error.log
-bash: tain: command not found
Protopopulus
Если ты владеешь знаниями, то и знания владеют тобой. (с) Protopopulus
- Печать
Страницы: [1] Вверх
# Deprecated due to security issues so it should be off: [url=http://blog.modsecurity.org/2008/08/transformation.html]ModSecurity Blog: Transformation Caching Unstable, Fixed, But Deprecated[/url]
SecCacheTransformations Off
# Check Content-Length and reject all non numeric ones
SecRule REQUEST_HEADERS:Content-Length "!^d+$" "deny,log,auditlog,msg:'Content-Length HTTP header is not numeric', severity:'2',id:'960016'"
# Do not accept GET or HEAD requests with bodies
SecRule REQUEST_METHOD "^(?:GET|HEAD)$" "chain,phase:2,t:none,deny,log,auditlog,status:400,msg:'GET or HEAD requests with bodies', severity:'2',id:'960011',tag:'PROTOCOL_VIOLATION/EVASION'"
SecRule REQUEST_HEADERS:Content-Length "!^0?$" t:none
# Require Content-Length to be provided with every POST request.
SecRule REQUEST_METHOD "^POST$" "chain,phase:2,t:none,deny,log,auditlog,status:400,msg:'POST request must have a Content-Length header',id:'960012',tag:'PROTOCOL_VIOLATION/EVASION',severity:'4'"
SecRule &REQUEST_HEADERS:Content-Length "@eq 0" t:none
# Don't accept transfer encodings we know we don't know how to handle
SecRule REQUEST_HEADERS:Transfer-Encoding "!^$" "phase:2,t:none,deny,log,auditlog,status:501,msg:'ModSecurity does not support transfer encodings',id:'960013',tag:'PROTOCOL_VIOLATION/EVASION',severity:'3'"
# Check decodings
SecRule REQUEST_FILENAME|ARGS|ARGS_NAMES|REQUEST_HEADERS|!REQUEST_HEADERS:Referer "@validateUrlEncoding"
"chain, deny,log,auditlog,msg:'URL Encoding Abuse Attack Attempt',id:'950107',severity:'4'"
SecRule REQUEST_FILENAME|ARGS|ARGS_NAMES|REQUEST_HEADERS|!REQUEST_HEADERS:Referer "%(?![0-9a-fA-F]{2}|u[0-9a-fA-F]{4})"
SecRule REQUEST_FILENAME|ARGS|ARGS_NAMES|REQUEST_HEADERS|!REQUEST_HEADERS:Referer "@validateUtf8Encoding" "deny,log,auditlog,msg:'UTF8 Encoding Abuse Attack Attempt',id:'950801',severity:'4'"
# Proxy access attempt
SecRule REQUEST_URI_RAW ^w+:/ "phase:2,t:none,deny,log,auditlog,status:400,msg:'Proxy access attempt', severity:'2',id:'960014',tag:'PROTOCOL_VIOLATION/PROXY_ACCESS'"
# Restrict type of characters sent
SecRule REQUEST_FILENAME|REQUEST_HEADERS_NAMES|REQUEST_HEADERS|!REQUEST_HEADERS:Referer
"@validateByteRange 1-255"
"log,auditlog,msg:'Request Missing an Accept Header', severity:'2',id:'960015',t:urlDecodeUni,phase:1"
SecRule ARGS|ARGS_NAMES "@validateByteRange 1-255"
"deny,log,auditlog,msg:'Invalid character in request',id:'960901',severity:'4',t:urlDecodeUni,phase:2"
# allow request methods
SecRule REQUEST_METHOD "!^((?:(?:POS|GE)T|OPTIONS|HEAD))$"
"phase:2,t:none,log,auditlog,status:501,msg:'Method is not allowed by policy', severity:'2',id:'960032',tag:'POLICY/METHOD_NOT_ALLOWED'"
# Restrict file extension
# removed exe so that frontpage will work
# Restricted HTTP headers
SecRule REQUEST_HEADERS_NAMES ".(?:Lock-Token|Translate|If)$"
"deny,log,auditlog,msg:'HTTP header is restricted by policy',id:'960038',severity:'4'"
SecRule HTTP_User-Agent "(?:b(?:m(?:ozilla/4.0 (compatible)|etis)|webtrends security analyzer|pmafind)b|n(?:-stealth|sauditor|essus|ikto)|b(?:lack ?widow|rutus|ilbo)|(?:jaascoi|paro)s|internet explorer|webinspect|.nasl)"
"deny,log,auditlog,msg:'Request Indicates a Security Scanner Scanned the Site',id:'990002',severity:'2'"
SecRule REQUEST_HEADERS_NAMES "bacunetix-productb"
"deny,log,auditlog,msg:'Request Indicates a Security Scanner Scanned the Site',id:'990901',severity:'2'"
SecRule REQUEST_FILENAME "^/nessustest"
"deny,log,auditlog,msg:'Request Indicates a Security Scanner Scanned the Site',id:'990902',severity:'2'"
SecRule REQUEST_HEADERS:User-Agent "(?:m(?:ozilla/(?:4.0 (compatible; advanced email extractor|2.0 (compatible; newt activex; win32))|ailto:craftbot@yahoo.com)|e(?:mail(?:(?:collec|harves|magne)t|(?: extracto|reape)r|siphon|wolf)|(?:collecto|irgrabbe)r|xtractorpro|o browse)|a(?:t(?:tache|hens)|utoemailspider|dsarobot)|w(?:eb(?:emailextrac| by mail)|3mir)|f(?:astlwspider|loodgate)|p(?:cbrowser|ackrat|surf)|(?:digout4uagen|takeou)t|(?:chinacla|be)w|[email protected]|rsync|shai|zeus)"
"deny,log,auditlog,msg:'Rogue web site crawler',id:'990012',severity:'2'"
SecRule REQUEST_HEADERS:User-Agent "(?:b(?:(?:indy librar|snoop)y|microsoft url control|lynx)b|d(?:ownload demon|isco)|w(?:3mirror|get)|l(?:ibwww|wp)|p(?:avuk|erl)|cu(?:sto|rl)|big brother|autohttp|netants|eCatch)"
"chain,log,auditlog,msg:'Request Indicates an automated program explored the site',id:'990011',severity:'5'"
SecRule REQUEST_HEADERS:User-Agent "!^apache.*perl"
# Blind SQL injection
SecRule REQUEST_FILENAME|ARGS|ARGS_NAMES|REQUEST_HEADERS|XML:/*|!REQUEST_HEADERS:Referer "@pm sys.user_triggers sys.user_objects @@spid msysaces instr sys.user_views sys.tab charindex sys.user_catalog constraint_type locate select msysobjects attnotnull sys.user_tables sys.user_tab_columns sys.user_constraints waitfor mysql.user sys.all_tables msysrelationships msyscolumns msysqueries"
"phase:2,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:replaceComments,t:compressWhiteSpace,pass,nolog,skip:1,id:1500003"
SecAction phase:2,pass,nolog,skipAfter:959007,id:1500004
SecRule REQUEST_FILENAME|ARGS|ARGS_NAMES|REQUEST_HEADERS|!REQUEST_HEADERS:Referer "(?:b(?:(?:s(?:ys.(?:user_(?:(?:t(?:ab(?:_column|le)|rigger)|object|view)s|c(?:onstraints|atalog))|all_tables|tab)|electb.{0,40}b(?:substring|ascii|user))|m(?:sys(?:(?:queri|ac)e|relationship|column|object)s|ysql.user)|c(?:onstraint_type|harindex)|attnotnull)b|(?:locate|instr)W+()|@@spidb)"
"phase:2,capture,t:none,t:htmlEntityDecode,t:lowercase,t:replaceComments,t:compressWhiteSpace,ctl:auditLogParts=+E,log,auditlog,msg:'Blind SQL Injection Attack',id:'950007',tag:'WEB_ATTACK/SQL_INJECTION',logdata:'%{TX.0}',severity:'2'"
SecRule REQUEST_FILENAME|ARGS|REQUEST_HEADERS|!REQUEST_HEADERS:Referer "b(?:(?:s(?:ys(?:(?:(?:process|tabl)e|filegroup|object)s|c(?:o(?:nstraint|lumn)s|at)|dba|ibm)|ubstr(?:ing)?)|user_(?:(?:(?:constrain|objec)t|tab(?:_column|le)|ind_column|user)s|password|group)|a(?:tt(?:rel|typ)id|ll_objects)|object_(?:(?:nam|typ)e|id)|pg_(?:attribute|class)|column_(?:name|id)|(?:dba|mb)_users|xtypeW+bchar|rownum)b|t(?:able_nameb|extposW+())"
"phase:2,capture,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:replaceComments,t:compressWhiteSpace,ctl:auditLogParts=+E,log,auditlog,msg:'Blind SQL Injection Attack',id:'959007',tag:'WEB_ATTACK/SQL_INJECTION',logdata:'%{TX.0}',severity:'2'"
SecRule REQUEST_FILENAME|ARGS|REQUEST_HEADERS|XML:/*|!REQUEST_HEADERS:Referer "@pm substr xtype textpos all_objects rownum sysfilegroups sysprocesses user_group sysobjects user_tables systables pg_attribute user_users user_password column_id attrelid user_tab_columns table_name pg_class user_constraints user_objects object_type dba_users sysconstraints mb_users column_name atttypid object_id substring syscat user_ind_columns sysibm syscolumns sysdba object_name"
"phase:2,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,pass,nolog,skip:1,id:1500005"
SecAction phase:2,pass,nolog,skipAfter:959904,id:1500006
SecRule REQUEST_FILENAME|ARGS "b(?:(?:s(?:ys(?:(?:(?:process|tabl)e|filegroup|object)s|c(?:o(?:nstraint|lumn)s|at)|dba|ibm)|ubstr(?:ing)?)|user_(?:(?:(?:constrain|objec)t|tab(?:_column|le)|ind_column|user)s|password|group)|a(?:tt(?:rel|typ)id|ll_objects)|object_(?:(?:nam|typ)e|id)|pg_(?:attribute|class)|column_(?:name|id)|(?:dba|mb)_users|xtypeW+bchar|rownum)b|t(?:able_nameb|extposW+())"
"phase:2,capture,t:none,t:htmlEntityDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,ctl:auditLogParts=+E,log,auditlog,msg:'Blind SQL Injection Attack',id:'950904',tag:'WEB_ATTACK/SQL_INJECTION',logdata:'%{TX.0}',severity:'2'"
SecRule REQUEST_HEADERS|XML:/*|!REQUEST_HEADERS:Referer "b(?:(?:s(?:ys(?:(?:(?:process|tabl)e|filegroup|object)s|c(?:o(?:nstraint|lumn)s|at)|dba|ibm)|ubstr(?:ing)?)|user_(?:(?:(?:constrain|objec)t|tab(?:_column|le)|ind_column|user)s|password|group)|a(?:tt(?:rel|typ)id|ll_objects)|object_(?:(?:nam|typ)e|id)|pg_(?:attribute|class)|column_(?:name|id)|(?:dba|mb)_users|xtypeW+bchar|rownum)b|t(?:able_nameb|extposW+())"
"phase:2,capture,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,ctl:auditLogParts=+E,log,auditlog,msg:'Blind SQL Injection Attack',id:'959904',tag:'WEB_ATTACK/SQL_INJECTION',logdata:'%{TX.0}',severity:'2'"
# SQL injection
SecRule REQUEST_FILENAME|ARGS|ARGS_NAMES|REQUEST_HEADERS|XML:/*|!REQUEST_HEADERS:Referer "@pm insert xp_enumdsn infile openrowset nvarchar autonomous_transaction print data_type or outfile inner shutdown tbcreator @@version xp_filelist sp_prepare sql_longvarchar xp_regenumkeys xp_loginconfig xp_dirtree ifnull sp_addextendedproc xp_regaddmultistring delete sp_sqlexec and sp_oacreate sp_execute cast xp_ntsec xp_regdeletekey drop varchar xp_execresultset having utl_file xp_regenumvalues xp_terminate xp_availablemedia xp_regdeletevalue dumpfile isnull sql_variant select 'sa' xp_regremovemultistring xp_makecab 'msdasql' xp_cmdshell openquery sp_executesql 'sqloledb' dbms_java 'dbo' utl_http sp_makewebtask benchmark xp_regread xp_regwrite"
"phase:2,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,pass,nolog,skip:1,id:1500007"
SecAction phase:2,pass,nolog,id:999501,skipAfter:959001
SecRule REQUEST_FILENAME|ARGS|ARGS_NAMES "(?:b(?:(?:s(?:electb(?:.{1,100}?b(?:(?:length|count|top)b.{1,100}?bfrom|fromb.{1,100}?bwhere)|.*?b(?:d(?:umpb.*bfrom|ata_type)|(?:to_(?:numbe|cha)|inst)r))|p_(?:(?:addextendedpro|sqlexe)c|(?:oacreat|prepar)e|execute(?:sql)?|makewebtask)|ql_(?:longvarchar|variant))|xp_(?:reg(?:re(?:movemultistring|ad)|delete(?:value|key)|enum(?:value|key)s|addmultistring|write)|e(?:xecresultset|numdsn)|(?:terminat|dirtre)e|availablemedia|loginconfig|cmdshell|filelist|makecab|ntsec)|u(?:nionb.{1,100}?bselect|tl_(?:file|http))|groupb.*bbyb.{1,100}?bhaving|d(?:eletebW*?bfrom|bms_java)|loadbW*?bdatab.*binfile|(?:n?varcha|tbcreato)r)b|i(?:n(?:tobW*?b(?:dump|out)file|sertbW*?binto|nerbW*?bjoin)b|(?:f(?:bW*?(W*?bbenchmark|nullb)|snullb)W*?()|a(?:ndb ?(?:d{1,10}|['"][^=]{1,10}['"]) ?[=<>]+|utonomous_transactionb)|o(?:rb ?(?:d{1,10}|['"][^=]{1,10}['"]) ?[=<>]+|pen(?:rowset|query)b)|havingb ?(?:d{1,10}|['"][^=]{1,10}['"]) ?[=<>]+|printbW*?@@|castbW*?()|(?:;W*?b(?:shutdown|drop)|@@version)b|'(?:s(?:qloledb|a)|msdasql|dbo)')"
"phase:2,capture,t:none,t:htmlEntityDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,ctl:auditLogParts=+E,log,auditlog,msg:'SQL Injection Attack',id:'950001',tag:'WEB_ATTACK/SQL_INJECTION',logdata:'%{TX.0}',severity:'2'"
SecRule REQUEST_HEADERS|XML:/*|!REQUEST_HEADERS:Referer "(?:b(?:(?:s(?:electb(?:.{1,100}?b(?:(?:length|count|top)b.{1,100}?bfrom|fromb.{1,100}?bwhere)|.*?b(?:d(?:umpb.*bfrom|ata_type)|(?:to_(?:numbe|cha)|inst)r))|p_(?:(?:addextendedpro|sqlexe)c|(?:oacreat|prepar)e|execute(?:sql)?|makewebtask)|ql_(?:longvarchar|variant))|xp_(?:reg(?:re(?:movemultistring|ad)|delete(?:value|key)|enum(?:value|key)s|addmultistring|write)|e(?:xecresultset|numdsn)|(?:terminat|dirtre)e|availablemedia|loginconfig|cmdshell|filelist|makecab|ntsec)|u(?:nionb.{1,100}?bselect|tl_(?:file|http))|groupb.*bbyb.{1,100}?bhaving|d(?:eletebW*?bfrom|bms_java)|loadbW*?bdatab.*binfile|(?:n?varcha|tbcreato)r)b|i(?:n(?:tobW*?b(?:dump|out)file|sertbW*?binto|nerbW*?bjoin)b|(?:f(?:bW*?(W*?bbenchmark|nullb)|snullb)W*?()|a(?:ndb ?(?:d{1,10}|['"][^=]{1,10}['"]) ?[=<>]+|utonomous_transactionb)|o(?:rb ?(?:d{1,10}|['"][^=]{1,10}['"]) ?[=<>]+|pen(?:rowset|query)b)|havingb ?(?:d{1,10}|['"][^=]{1,10}['"]) ?[=<>]+|printbW*?@@|castbW*?()|(?:;W*?b(?:shutdown|drop)|@@version)b|'(?:s(?:qloledb|a)|msdasql|dbo)')"
"phase:2,capture,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,ctl:auditLogParts=+E,log,auditlog,msg:'SQL Injection Attack',id:'959001',tag:'WEB_ATTACK/SQL_INJECTION',logdata:'%{TX.0}',severity:'2'"
SecRule REQUEST_FILENAME|ARGS|ARGS_NAMES "b(d+) ?= ?1b|['"](w+)['"] ?= ?['"]2b"
"phase:2,capture,t:none,t:htmlEntityDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,ctl:auditLogParts=+E,log,auditlog,msg:'SQL Injection Attack',id:'950901',tag:'WEB_ATTACK/SQL_INJECTION',logdata:'%{TX.0}',severity:'2'"
SecRule REQUEST_HEADERS|XML:/*|!REQUEST_HEADERS:Referer "b(d+) ?= ?1b|['"](w+)['"] ?= ?['"]2b"
"phase:2,capture,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,ctl:auditLogParts=+E,log,auditlog,msg:'SQL Injection Attack',id:'959901',tag:'WEB_ATTACK/SQL_INJECTION',logdata:'%{TX.0}',severity:'2'"
SecRule REQUEST_FILENAME|ARGS|REQUEST_HEADERS|XML:/*|!REQUEST_HEADERS:Referer "@pm user_objects object_type substr all_objects mb_users column_name rownum atttypid substring object_id user_group user_tables pg_attribute user_users column_id user_password attrelid object_name table_name pg_class"
"phase:2,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,pass,nolog,skip:1,id:1500008"
SecAction phase:2,pass,nolog,skipAfter:959906,id:1500009
SecRule REQUEST_FILENAME|ARGS "b(?:user_(?:(?:object|table|user)s|password|group)|a(?:tt(?:rel|typ)id|ll_objects)|object_(?:(?:nam|typ)e|id)|pg_(?:attribute|class)|column_(?:name|id)|substr(?:ing)?|table_name|mb_users|rownum)b"
"phase:2,capture,t:none,t:htmlEntityDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,ctl:auditLogParts=+E,log,auditlog,msg:'SQL Injection Attack',id:'950906',tag:'WEB_ATTACK/SQL_INJECTION',logdata:'%{TX.0}',severity:'2'"
SecRule REQUEST_HEADERS|XML:/*|!REQUEST_HEADERS:Referer "b(?:user_(?:(?:object|table|user)s|password|group)|a(?:tt(?:rel|typ)id|ll_objects)|object_(?:(?:nam|typ)e|id)|pg_(?:attribute|class)|column_(?:name|id)|substr(?:ing)?|table_name|mb_users|rownum)b"
"phase:2,capture,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,ctl:auditLogParts=+E,log,auditlog,msg:'SQL Injection Attack',id:'959906',tag:'WEB_ATTACK/SQL_INJECTION',logdata:'%{TX.0}',severity:'2'"
SecRule REQUEST_FILENAME|ARGS|ARGS_NAMES|!REQUEST_HEADERS:via "b(?:coalesceb|root@)"
"phase:2,capture,t:none,t:htmlEntityDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,ctl:auditLogParts=+E,log,auditlog,msg:'SQL Injection Attack',id:'950908',tag:'WEB_ATTACK/SQL_INJECTION',logdata:'%{TX.0}',severity:'2'"
SecRule REQUEST_HEADERS|XML:/*|!REQUEST_HEADERS:Referer|!REQUEST_HEADERS:via "b(?:coalesceb|root@)"
"phase:2,capture,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,ctl:auditLogParts=+E,log,auditlog,msg:'SQL Injection Attack',id:'959908',tag:'WEB_ATTACK/SQL_INJECTION',logdata:'%{TX.0}',severity:'2'"
# XSS
SecRule REQUEST_FILENAME|ARGS|ARGS_NAMES|REQUEST_HEADERS|XML:/*|!REQUEST_HEADERS:Referer "@pm jscript onsubmit copyparentfolder javascript meta onmove onkeydown onchange onkeyup activexobject expression onmouseup ecmascript onmouseover vbscript: <![cdata[ http: settimeout onabort shell: .innerhtml onmousedown onkeypress asfunction: onclick .fromcharcode background-image: .cookie ondragdrop onblur x-javascript mocha: onfocus javascript: getparentfolder lowsrc onresize @import alert onselect script onmouseout onmousemove background application .execscript livescript: getspecialfolder vbscript iframe .addimport onunload createtextrange onload <input"
"phase:2,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:compressWhiteSpace,t:lowercase,pass,nolog,skip:1,id:1500010"
SecAction phase:2,pass,nolog,skipAfter:959004,id:1500011
SecRule REQUEST_FILENAME|ARGS|ARGS_NAMES "(?:b(?:(?:typebW*?b(?:textbW*?b(?:j(?:ava)?|ecma|vb)|applicationbW*?bx-(?:java|vb))script|c(?:opyparentfolder|reatetextrange)|get(?:special|parent)folder|iframeb.{0,100}?bsrc)b|on(?:(?:mo(?:use(?:o(?:ver|ut)|down|move|up)|ve)|key(?:press|down|up)|c(?:hange|lick)|s(?:elec|ubmi)t|(?:un)?load|dragdrop|resize|focus|blur)bW*?=|abortb)|(?:l(?:owsrcbW*?b(?:(?:java|vb)script|shell|http)|ivescript)|(?:href|url)bW*?b(?:(?:java|vb)script|shell)|background-image|mocha):|s(?:(?:tylebW*=.*bexpressionbW*|ettimeoutbW*?)(|rcbW*?b(?:(?:java|vb)script|shell|http):)|a(?:ctivexobjectb|lertbW*?(|sfunction:))|<(?:(?:bodyb.*?b(?:backgroun|onloa)d|inputb.*?btypebW*?bimage)b| ?(?:(?:script|meta)b|iframe)|![cdata[)|(?:.(?:(?:execscrip|addimpor)t|(?:fromcharcod|cooki)e|innerhtml)|@import)b)"
"phase:2,capture,t:none,t:htmlEntityDecode,t:compressWhiteSpace,t:lowercase,ctl:auditLogParts=+E,log,auditlog,msg:'Cross-site Scripting (XSS) Attack',id:'950004',tag:'WEB_ATTACK/XSS',logdata:'%{TX.0}',severity:'2'"
SecRule REQUEST_HEADERS|XML:/*|!REQUEST_HEADERS:Referer "(?:b(?:(?:typebW*?b(?:textbW*?b(?:j(?:ava)?|ecma|vb)|applicationbW*?bx-(?:java|vb))script|c(?:opyparentfolder|reatetextrange)|get(?:special|parent)folder|iframeb.{0,100}?bsrc)b|on(?:(?:mo(?:use(?:o(?:ver|ut)|down|move|up)|ve)|key(?:press|down|up)|c(?:hange|lick)|s(?:elec|ubmi)t|(?:un)?load|dragdrop|resize|focus|blur)bW*?=|abortb)|(?:l(?:owsrcbW*?b(?:(?:java|vb)script|shell|http)|ivescript)|(?:href|url)bW*?b(?:(?:java|vb)script|shell)|background-image|mocha):|s(?:(?:tylebW*=.*bexpressionbW*|ettimeoutbW*?)(|rcbW*?b(?:(?:java|vb)script|shell|http):)|a(?:ctivexobjectb|lertbW*?(|sfunction:))|<(?:(?:bodyb.*?b(?:backgroun|onloa)d|inputb.*?btypebW*?bimage)b| ?(?:(?:script|meta)b|iframe)|![cdata[)|(?:.(?:(?:execscrip|addimpor)t|(?:fromcharcod|cooki)e|innerhtml)|@import)b)"
"phase:2,capture,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:compressWhiteSpace,t:lowercase,ctl:auditLogParts=+E,log,auditlog,msg:'Cross-site Scripting (XSS) Attack',id:'959004',tag:'WEB_ATTACK/XSS',logdata:'%{TX.0}',severity:'2'"
# file injection
SecRule REQUEST_FILENAME|ARGS|ARGS_NAMES|REQUEST_HEADERS|XML:/* "@pm .www_acl .htpasswd .htaccess boot.ini httpd.conf /etc/ .htgroup global.asa .wwwacl"
"phase:2,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,pass,nolog,skip:1,id:1500012"
SecAction phase:2,pass,nolog,skipAfter:959005,id:1500013
SecRule REQUEST_FILENAME|ARGS|ARGS_NAMES "(?:b(?:.(?:ht(?:access|passwd|group)|www_?acl)|global.asa|httpd.conf|boot.ini)b|/etc/)"
"phase:2,capture,t:none,t:htmlEntityDecode,t:lowercase,ctl:auditLogParts=+E,deny,log,auditlog,status:501,msg:'Remote File Access Attempt',id:'950005',tag:'WEB_ATTACK/FILE_INJECTION',logdata:'%{TX.0}',severity:'2'"
SecRule REQUEST_HEADERS|XML:/* "(?:b(?:.(?:ht(?:access|passwd|group)|www_?acl)|global.asa|httpd.conf|boot.ini)b|/etc/)"
"phase:2,capture,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,ctl:auditLogParts=+E,deny,log,auditlog,status:501,msg:'Remote File Access Attempt',id:'959005',tag:'WEB_ATTACK/FILE_INJECTION',logdata:'%{TX.0}',severity:'2'"
# Command access
SecRule REQUEST_FILENAME "b(?:n(?:map|et|c)|w(?:guest|sh)|cmd(?:32)?|telnet|rcmd|ftp).exeb"
"phase:2,capture,t:none,t:htmlEntityDecode,t:lowercase,ctl:auditLogParts=+E,deny,log,auditlog,status:501,msg:'System Command Access',id:'950002',tag:'WEB_ATTACK/FILE_INJECTION',logdata:'%{TX.0}',severity:'2'"
# Command injection
SecRule ARGS "@pm uname wguest.exe /perl /nasm rcmd.exe nc tclsh /xterm finger tftp chown /echo nmap.exe ping /passwd /chsh ps /uname telnet.exe /ftp ls tclsh8 lsof /ping echo cmd.exe /kill python traceroute /ps perl passwd wsh.exe /rm /cpp chgrp /telnet localgroup kill /chgrp /finger nasm /ls nc.exe id /chmod /nc /g++ /id /chown cmd /nmap chsh /gcc net.exe /python /lsof ftp.exe ftp xterm mail /mail tracert nmap rm cd chmod cpp telnet cmd32.exe gcc g++"
"phase:2,t:none,t:htmlEntityDecode,t:lowercase,pass,nolog,skip:1,id:1500014"
SecAction phase:2,pass,nolog,skipAfter:950006,id:1500015
SecRule ARGS "(?:b(?:(?:n(?:et(?:bW+?blocalgroup|.exe)|(?:map|c).exe)|t(?:racer(?:oute|t)|elnet.exe|clsh8?|ftp)|(?:w(?:guest|sh)|rcmd|ftp).exe|echobW*?by+)b|c(?:md(?:(?:32)?.exeb|bW*?/c)|d(?:bW*?[\/]|W*?..)|hmod.{0,40}?+.{0,3}x))|[;|`]W*?b(?:(?:c(?:h(?:grp|mod|own|sh)|md|pp)|p(?:asswd|ython|erl|ing|s)|n(?:asm|map|c)|f(?:inger|tp)|(?:kil|mai)l|(?:xte)?rm|ls(?:of)?|telnet|uname|echo|id)b|g(?:++|ccb))|/(?:c(?:h(?:grp|mod|own|sh)|pp)|p(?:asswd|ython|erl|ing|s)|n(?:asm|map|c)|f(?:inger|tp)|(?:kil|mai)l|g(?:++|cc)|(?:xte)?rm|ls(?:of)?|telnet|uname|echo|id)(?:['"|;`-s]|$))"
"phase:2,capture,t:none,t:htmlEntityDecode,t:lowercase,ctl:auditLogParts=+E,deny,log,auditlog,status:501,msg:'System Command Injection',id:'950006',tag:'WEB_ATTACK/COMMAND_INJECTION',logdata:'%{TX.0}',severity:'2'"
SecRule REQUEST_HEADERS|XML:/*|!REQUEST_HEADERS:'/^(Cookie|Referer|X-OS-Prefs)$/'|REQUEST_COOKIES|REQUEST_COOKIES_NAMES
"@pm uname wguest.exe /perl /nasm rcmd.exe nc tclsh /xterm finger tftp chown /echo nmap.exe ping /passwd /chsh ps /uname telnet.exe /ftp ls tclsh8 lsof /ping echo cmd.exe /kill python traceroute /ps perl passwd wsh.exe /rm /cpp chgrp /telnet localgroup kill /chgrp /finger nasm /ls nc.exe id /chmod /nc /g++ /id /chown cmd /nmap chsh /gcc net.exe /python /lsof ftp.exe ftp xterm mail /mail tracert nmap rm cd chmod cpp telnet cmd32.exe gcc g++"
"phase:2,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,pass,nolog,skip:1,id:1500016"
SecAction pass,nolog,skipAfter:959006,id:1500017
SecRule REQUEST_HEADERS|XML:/*|!REQUEST_HEADERS:'/^(Cookie|Referer|X-OS-Prefs)$/'|REQUEST_COOKIES|REQUEST_COOKIES_NAMES
"(?:b(?:(?:n(?:et(?:bW+?blocalgroup|.exe)|(?:map|c).exe)|t(?:racer(?:oute|t)|elnet.exe|clsh8?|ftp)|(?:w(?:guest|sh)|rcmd|ftp).exe|echobW*?by+)b|c(?:md(?:(?:32)?.exeb|bW*?/c)|d(?:bW*?[\/]|W*?..)|hmod.{0,40}?+.{0,3}x))|[;|`]W*?b(?:(?:c(?:h(?:grp|mod|own|sh)|md|pp)|p(?:asswd|ython|erl|ing|s)|n(?:asm|map|c)|f(?:inger|tp)|(?:kil|mai)l|(?:xte)?rm|ls(?:of)?|telnet|uname|echo|id)b|g(?:++|ccb))|/(?:c(?:h(?:grp|mod|own|sh)|pp)|p(?:asswd|ython|erl|ing|s)|n(?:asm|map|c)|f(?:inger|tp)|(?:kil|mai)l|g(?:++|cc)|(?:xte)?rm|ls(?:of)?|telnet|uname|echo|id)(?:['"|;`-s]|$))"
"phase:2,capture,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,ctl:auditLogParts=+E,deny,log,auditlog,status:501,msg:'System Command Injection',id:'959006',tag:'WEB_ATTACK/COMMAND_INJECTION',logdata:'%{TX.0}',severity:'2'"
SecRule ARGS
"(?:(?:[;|`]W*?bcc|bwget)b|/cc(?:['"|;`-s]|$))"
"phase:2,capture,t:none,t:htmlEntityDecode,t:lowercase,ctl:auditLogParts=+E,deny,log,auditlog,status:501,msg:'System Command Injection',id:'950907',tag:'WEB_ATTACK/COMMAND_INJECTION',logdata:'%{TX.0}',severity:'2'"
SecRule "REQUEST_HEADERS|XML:/*|!REQUEST_HEADERS:'/^(Cookie|Referer|X-OS-Prefs|User-Agent)$/'|REQUEST_COOKIES|REQUEST_COOKIES_NAMES"
"(?:(?:[;|`]W*?bcc|bwget)b|/cc(?:['"|;`-s]|$))"
"phase:2,capture,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,ctl:auditLogParts=+E,deny,log,auditlog,status:501,msg:'System Command Injection',id:'959907',tag:'WEB_ATTACK/COMMAND_INJECTION',logdata:'%{TX.0}',severity:'2'"
# SSI injection
SecRule REQUEST_FILENAME|ARGS|ARGS_NAMES "<!--W*?#W*?(?:e(?:cho|xec)|printenv|include|cmd)"
"phase:2,capture,t:none,t:htmlEntityDecode,t:lowercase,ctl:auditLogParts=+E,deny,log,auditlog,status:501,msg:'SSI injection Attack',id:'950011',tag:'WEB_ATTACK/SSI_INJECTION',logdata:'%{TX.0}',severity:'2'"
SecRule REQUEST_HEADERS|XML:/* "<!--W*?#W*?(?:e(?:cho|xec)|printenv|include|cmd)"
"phase:2,capture,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,ctl:auditLogParts=+E,deny,log,auditlog,status:501,msg:'SSI injection Attack',id:'959011',tag:'WEB_ATTACK/SSI_INJECTION',logdata:'%{TX.0}',severity:'2'"
# PHP injection
SecRule REQUEST_FILENAME|ARGS|ARGS_NAMES|REQUEST_HEADERS|XML:/* "@pm <?fgets move_uploaded_file $_session readfile ftp_put ftp_fget gzencode ftp_nb_put bzopen readdir $_post fopen gzread ftp_nb_fput ftp_nb_fget ftp_get $_get scandir fscanf readgzfile fread proc_open fgetc fgetss ftp_fput ftp_nb_get session_start fwrite gzwrite gzopen gzcompress"
"phase:2,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,pass,nolog,skip:1,id:1500018"
SecAction pass,nolog,skipAfter:959013,id:1500019
SecRule REQUEST_FILENAME|ARGS|ARGS_NAMES "(?:(?:b(?:f(?:tp_(?:nb_)?f?(?:ge|pu)t|get(?:s?s|c)|scanf|write|open|read)|gz(?:(?:encod|writ)e|compress|open|read)|s(?:ession_start|candir)|read(?:(?:gz)?file|dir)|move_uploaded_file|(?:proc_|bz)open)|$_(?:(?:pos|ge)t|session))b|<?(?!xml))"
"phase:2,capture,t:none,t:htmlEntityDecode,t:lowercase,ctl:auditLogParts=+E,deny,log,auditlog,status:501,msg:'PHP Injection Attack',id:'950013',tag:'WEB_ATTACK/PHP_INJECTION',tag:'WEB_ATTACK/HTTP_RESPONSSE_SPLITTING',logdata:'%{TX.0}',severity:'2'"
SecRule REQUEST_HEADERS|XML:/* "(?:(?:b(?:f(?:tp_(?:nb_)?f?(?:ge|pu)t|get(?:s?s|c)|scanf|write|open|read)|gz(?:(?:encod|writ)e|compress|open|read)|s(?:ession_start|candir)|read(?:(?:gz)?file|dir)|move_uploaded_file|(?:proc_|bz)open)|$_(?:(?:pos|ge)t|session))b|<?(?!xml))"
"phase:2,capture,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,ctl:auditLogParts=+E,deny,log,auditlog,status:501,msg:'PHP Injection Attack',id:'959013',tag:'WEB_ATTACK/PHP_INJECTION',tag:'WEB_ATTACK/HTTP_RESPONSSE_SPLITTING',logdata:'%{TX.0}',severity:'2'"