service httpd status showing Not Acceptable Error

Yesterday (31-01-2014), i had an issue with our server, when i am trying “service httpd status” on cpanel server. I got below error message and I have google based error, but i’m not getting any proper solution.

After that i had verified the apache error log and found nature of that issues. So, if you face any issue on server first you should check apache error log to know the real happenings, if you are Good in Analytical knowledge, then most of the issues can be identified and resolved by yourself by checking apache error logs. If you can’t able to identify the causes of issues then made google search and get solution.

1) Error message of service httpd status on cpanel server ?

The below Error message which is getting while checking service httpd status on cpanel server.

[email protected] [~]# service httpd status
Not Acceptable

An appropriate representation of the requested resource
/whm-server-status could not be found on this server.

Additionally, a 404 Not Found error was encountered while trying to use
an ErrorDocument to handle the request.

2) Analysing apache error log ?

I had checked our apache “error_log” file and found that, it having 244MB of logs, if i open the file it will definitely take some time to load. So i had used grep command to print the matching pattern. See the output.

[email protected] [/usr/local/apache/logs]# grep "/whm-server-status" error_log
[Wed Jan 29 17:42:57 2014] [error] [client ::1] ModSecurity: Access denied with code 406 (phase 2). Match of "rx ^apache.*perl" against "REQUEST_HEADERS:User-Agent" required. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "58"] [id "1234123429"] [msg "Request Indicates an automated program explored the site"] [severity "NOTICE"] [hostname "localhost"] [uri "/whm-server-status"] [unique_id "UujwSVOqdYoAAAs9DEAAAAAB"]

[Wed Jan 29 17:43:36 2014] [error] [client ::1] ModSecurity: Access denied with code 406 (phase 2). Match of "rx ^apache.*perl" against "REQUEST_HEADERS:User-Agent" required. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "58"] [id "1234123429"] [msg "Request Indicates an automated program explored the site"] [severity "NOTICE"] [hostname "localhost"] [uri "/whm-server-status"] [unique_id "UujwcFOqdYoAAA-9EFYAAAAC"]

[Wed Jan 29 17:44:22 2014] [error] [client ::1] ModSecurity: Access denied with code 406 (phase 2). Match of "rx ^apache.*perl" against "REQUEST_HEADERS:User-Agent" required. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "58"] [id "1234123429"] [msg "Request Indicates an automated program explored the site"] [severity "NOTICE"] [hostname "localhost"] [uri "/whm-server-status"] [unique_id "UujwnlOqdYoAAA-7EFQAAAAA"]
[email protected] [/usr/local/apache/logs]#

The output clearly shows, whm-server-status was blocked by modesec rule at line “58” and id “1234123429” on /usr/local/apache/conf/modsec2.user.conf file.

3) How to comment the rule ?

I have just open the corresponding file (ctrl+w (finding the word) & ctrl+t (finding the line number)) and commented the corresponding line (using # to put the line beginning) and rules then checked the service status.

[email protected] [~]# nano /usr/local/apache/conf/modsec2.user.conf
  GNU nano 2.0.9                                 File: /usr/local/apache/conf/modsec2.user.conf


# Restrict file extension
# removed exe so that frontpage will work

# Restricted HTTP headers
SecRule REQUEST_HEADERS_NAMES "\.(?:Lock-Token|Translate|If)$" \
    "deny,log,auditlog,msg:'HTTP header is restricted by policy',id:'1234123434',severity:'4'"

SecRule HTTP_User-Agent "(?:\b(?:m(?:ozilla\/4\.0 \(compatible\)|etis)|webtrends security analyzer|pmafind)\b|n(?:-stealth|sauditor|essus|ikto)|b(?:lack ?widow|rutus|$
        "deny,log,auditlog,msg:'Request Indicates a Security Scanner Scanned the Site',id:'1234123433',severity:'2'"
SecRule REQUEST_HEADERS_NAMES "\bacunetix-product\b" \
        "deny,log,auditlog,msg:'Request Indicates a Security Scanner Scanned the Site',id:'1234123432',severity:'2'"
SecRule REQUEST_FILENAME "^/nessustest" \
        "deny,log,auditlog,msg:'Request Indicates a Security Scanner Scanned the Site',id:'1234123431',severity:'2'"

SecRule REQUEST_HEADERS:User-Agent "(?:m(?:ozilla\/(?:4\.0 \(compatible; advanced email extractor|2\.0 \(compatible; newt activex; win32\))|ailto:craftbot\@yahoo\.com$
        "deny,log,auditlog,msg:'Rogue web site crawler',id:'1234123430',severity:'2'"

#SecRule REQUEST_HEADERS:User-Agent "(?:\b(?:(?:indy librar|snoop)y|microsoft url control|lynx)\b|d(?:ownload demon|isco)|w(?:3mirror|get)|l(?:ibwww|wp)|p(?:avuk|erl)$
#        "chain,log,auditlog,msg:'Request Indicates an automated program explored the site',id:'1234123429',severity:'5'"
#SecRule REQUEST_HEADERS:User-Agent "!^apache.*perl"

4) Rechecking httpd status ?

Now, i’m going to check the httpd status and get the clear output.

[email protected] [~]# service httpd status
                       Apache Server Status for localhost

   Server Version: Apache/2.2.26 (Unix) mod_ssl/2.2.26 OpenSSL/1.0.1e-fips
          DAV/2 mod_bwlimited/1.4

   Server Built: Jan 29 2014 15:37:16
     __________________________________________________________________

   Current Time: Saturday, 01-Feb-2014 16:18:15 IST
   Restart Time: Thursday, 30-Jan-2014 10:39:27 IST
   Parent Server Generation: 28
   Server uptime: 2 days 5 hours 38 minutes 48 seconds
   Total accesses: 3074 - Total Traffic: 10.0 MB
   CPU Usage: u.48 s.2 cu6.34 cs0 - .00363% CPU load
   .0159 requests/sec - 54 B/second - 3424 B/request
   1 requests currently being processed, 23 idle workers

____________________W___........................................
................................................................
................................................................

Magesh Maruthamuthu

Love to play with all Linux distribution

You may also like...