Symptoms
-
ModSecurity blocks access to the file with the following errors in
/var/log/modsecurity_audit.log
:Message: collections_remove_stale: Failed to access DBM file "/var/cache/modsecurity/apache-global": Permission denied
Message: collections_remove_stale: Failed to access DBM file "/var/cache/modsecurity/apache-ip": Permission denied
Cause
Content of the directory as follows:
# ls -la /var/cache/modsecurity/
drwxr-x— 2 root root 4096 May 4 15:12 .
drwx—— 10 root root 4096 Apr 15 10:52 …
Or entire directory is missing:
# ls -la /var/cache/modsecurity/
ls: cannot access /var/cache/modsecurity/: No such file or directory
Corrupted ModSecurity cache.
Resolution
-
Login server via SSH
- Re-create directory if missing and set up proper permissions/ownership:
# mkdir /var/cache/modsecurity/
# chmod 750 /var/cache/modsecurity/
# chown apache:root /var/cache/modsecurity/
-
Fix permissions and re-create files:
# chown apache:root /var/cache/modsecurity/./
# chmod 755 /var/cache/modsecurity/../
# cd /var/cache/modsecurity/
# touch apache-global.dir && chown apache:apache apache-global.dir && chmod 640 apache-global.dir
# touch apache-global.pag && chown apache:apache apache-global.pag && chmod 640 apache-global.pag
# touch apache-ip.dir && chown apache:apache apache-ip.dir && chmod 640 apache-ip.dir
# touch apache-ip.pag && chown apache:apache apache-ip.pag && chmod 640 apache-ip.pag
- (Additional step incase SELinux is in use)
# chcon -R -t httpd_cache_t /var/cache/modsecurity