Apache fails to start on a Plesk server: ModSecurity: failed to load IPs from: /etc/asl/whitelist Could not open ipmatch file “/etc/asl/whitelist”: No such file or directory

Symptoms

• On a Plesk for Linux server, Apache fails to start with the following error shown on the Plesk Home page:

  Template_Exception: AH00526: Syntax error on line 24 of /etc/httpd/conf/modsecurity.d/rules/tortix/modsec/tortix_waf.conf:
  ModSecurity: failed to load IPs from: /etc/asl/whitelist Could not open ipmatch file "/etc/asl/whitelist": No such file or directory

• Enabling ModSecurity in the menu Tools & Settings > Web Application Firewall (ModSecurity) fails:

  modsecurity_ctl failed: START httpd_modules_ctl --enable security2,unique_id apache_control_adapter[29113]: apache_action(restart): invoke_httpd_action failed, trying second time
  modsecurity_ctl failed: [Errno 2] No such file or directory: '/var/asl/bin/aum': '/var/asl/bin/aum'

• The following error is shown in the menu Tools & Settings > Web Application Firewall (ModSecurity):

  Failed to update the ModSecurity rule set: modsecurity_ctl failed: Command '['sed', '-i', '-e', 's#^MODSEC_RULES_PATHs*=.*#MODSEC_RULES_PATH="/etc/httpd/conf/modsecurity.d/rules/tortix/modsec"#g', '-e', 's#^RESTART_APACHEs*=.*#RESTART_APACHE="no"#g', '-e', 's#^AUTOMATIC_UPDATESs*=.*#AUTOMATIC_UPDATES="no"#g', '-e', 's#^MODSEC_50_PLESKs*=.*#MODSEC_50_PLESK="yes"#g', '/etc/asl/config']' returned non-zero exit status 2.

• Atomic Standard rule set is in use.

Cause

Issue on the Atomic side, fixed in the update of the aum package (updater of Atomic rule set) 6.0.48-29386.

Resolution

1. Connect to the server using SSH.
2. Update the aum package to the latest version:

   # touch /var/awp/etc/config
   # aum -u

3. Log into Plesk.
4. Go to Tools & Settings > Web Application Firewall (ModSecurity).
5. Change Rule set option to Comodo rule set and click OK or Apply.
6. Change Rule set option back to Atomic Standard rule set and click OK or Apply.