Mod Security Blocking Access to the Zend Server UI

Avatar
Milind Deshmukh
Follow

This article is also available in our new Knowledge Base: Mod Security Blocking Access to the Zend Server UI

Applies To

Zend Server

Apache

 

Issue

After installing Zend Server, the Zend Server UI is inaccessible - instead of the bootstrap wizard, the following error message appears:

Zend Server failed during initialization: An exception was raised while creating "Configuration\License\ZemUtilsWrapper"; no instance returned
An exception was raised while creating "Configuration\License\ZemUtilsWrapper"; no instance returned
Error executing the query. Probably DB is locked

 

Technical

Based on the rules configured, Apache's Mod Security module might block Zend Server's internal VHost http://127.0.0.1:10083/UserServer, preventing ZSD (Zend Server Daemon) from accessing it. This VHost must be accessible to ZSD in order for Zend Server to bootstrap and function correctly. Relevant error messages are logged in /usr/local/zend/var/log/gui_vhost_error.log and in Apache's error log /usr/local/zend/var/log/error.log:

[Wed May 10 16:07:24.633556 2017] [:error] [pid 5899] [client 127.0.0.1] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_HEADERS. [file "/etc/httpd/modsecurity.d/activated_rules/modsecurity_crs_21_protocol_anomalies.conf"] [line "47"] [id "960015"] [rev "1"] [msg "Request Missing an Accept Header"] [severity "NOTICE"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/MISSING_HEADER_ACCEPT"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "127.0.0.1"] [uri "/UserServer/zsd_print_extensions.php"] [unique_id "WRM6vHiE9Mf1gONL598XLwAAAAM"]

 

Solution

You can disable Mod Security for Zend Server's VHost http://127.0.0.1:10083/UserServer by adding the following rule in the <VirtualHost> section of the VHost's configuration file:

<IfModule security2_module>
SecRuleEngine Off
</IfModule>

The path and the name of the above configuration file varies depending on the operating system: 

RPM based operating systems: /etc/httpd/conf.d/zendserver_gui.conf

DEB based operating systems: /etc/apache2/sites-enabled/zendserver_gui.conf

Windows: <ZEND_SERVER_DIRECTORY>\Apache24\conf\zend.conf

OS X: /usr/local/zend/apache2/conf.d/zendserver_gui.conf

For reference, attached to this article are sample VHost files after adding the Mod Security code.

Comments