Apache fails to start on a Plesk server: ModSecurity: failed to load IPs from: /etc/asl/whitelist Could not open ipmatch file "/etc/asl/whitelist": No such file or directory

The error message indicates that Apache's ModSecurity module is failing to load IPs from a file located at /etc/asl/whitelist, as the file does not exist.

This issue is related to the Advanced Policy Firewall (APF) or Atomicorp's ASL (Atomic Secured Linux) firewall, which is a security suite used on some Plesk servers.

Here's how you can address this issue:

  1. Verify ASL/Atomicorp Firewall Installation:

    • Confirm that the Atomicorp ASL firewall is installed on your server. This firewall often comes pre-installed on Plesk servers, but it's possible it may not be present.
  2. Reinstall or Update ASL:

    • If ASL is installed, you might want to consider reinstalling or updating it to ensure that all necessary files and configurations are in place.
  3. Check if ModSecurity is Enabled:

    • Verify that ModSecurity is enabled in your Apache configuration. It's possible that it's trying to load a configuration file related to ModSecurity.
  4. Create the Whitelist File:

    • If you determine that the whitelist file is necessary for your server's security setup, create an empty file at /etc/asl/whitelist. This might be a temporary solution until you can further investigate why it's missing.
    sudo touch /etc/asl/whitelist
  5. Verify ASL Configuration:

    • Check the configuration files of ASL, especially for any references to IP whitelists. Ensure that they are correctly pointing to the whitelist file.
  6. Restart Apache:

    • After making any necessary changes, restart Apache:

      sudo systemctl restart apache2 # On Debian/Ubuntu sudo systemctl restart httpd # On CentOS/Red Hat
  7. Check Logs:

    • Review the Apache and ASL logs for any additional error messages or warnings that might provide more context on the issue.
  8. Contact Support or Community:

    • If the issue persists or if you're unsure about how to proceed, consider reaching out to Plesk support or the Atomicorp community for further assistance. They might have specific recommendations or solutions for your setup.

Remember, working with firewalls and security configurations requires caution, so it's recommended to have backups and test changes in a controlled environment whenever possible.

  • 0 Users Found This Useful
Was this answer helpful?