Thursday, March 18, 2010

.htaccess: Invalid command 'SecFilterEngine' + 500 Internal Server Error

We are getting 500 Internal Server Error on the site.

All the file permissions and ownerships are correct.
-----------------
Internal Server Error

The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator, webmaster@the-landscape-design-site.com and inform them of the time the error occurred, and anything you might have done that may have caused the error.

More information about this error may be available in the server error log.

Additionally, a 500 Internal Server Error error was encountered while trying to use an ErrorDocument to handle the request.
----------------------------------------------------
The Apache error log shows:
----------------------------------------------------------------------------------------------
[Wed Mar 17 02:25:40 2010] [alert] [client xx.xx.x.xxx] /home/USER/public_html/.htaccess: Invalid command 'SecFilterEngine', perhaps mis-spelled or defined by a module not included in the server configuration, referer: http://www.websitename.com/
---------------------------------------------------------------------------------------------

Fix:

vi /home/USER/public_html/.htaccess

Search for the lines containing "SecFilterEngine" and "SecFilterScanPOST" and comment them out. Then add the following 4 lines (without line numbers), which disable mod_security for this particular site. The IfModule wrapper means Apache only reads the directives when mod_security is loaded, so the "Invalid command" error cannot recur.

--------------------------------

<IfModule mod_security.c>
SecFilterEngine Off
SecFilterScanPOST Off
</IfModule>

--------------------------------
Save your .htaccess and restart Apache on the server. Your site should work now.

**********************************************

You can also disable mod_security for a domain through its virtual host entry in httpd.conf.

First, log in to your server via SSH as the 'root' user.
Then use nano or your favorite text editor (e.g. pico, vi, etc.)
to open the /etc/httpd/conf/httpd.conf (sometimes /usr/local/apache/conf/httpd.conf or /etc/apache2/httpd.conf) file.

Notice: You may have to edit a different file such as
/etc/httpd/conf.d/vhosts.conf if your server is set up to use a separate vhost configuration file.

Then locate the vhost for the domain in question and paste the following code into the vhost:
--------------------------

<IfModule mod_security.c>
SecFilterEngine Off
SecFilterScanPOST Off
</IfModule>

-------------------------
Now you just have to save, exit and restart Apache. Run service httpd restart or /etc/init.d/httpd restart, or whatever script you have to restart Apache.

You can manage most of the main mod_security settings from a .htaccess file, so you can control it on a per-domain, per-directory and/or per-file basis: switching off individual rules, adding new ones, or turning it off entirely.
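To find other .htaccess files that will fail the same way, the check below lists active SecFilter* directives that are not wrapped in an IfModule mod_security.c block. It is an added example, not part of the original post; the function name and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Prints every active SecFilter*
# directive in an .htaccess file that is not wrapped in
# <IfModule mod_security.c>, i.e. the lines that trigger "Invalid command".

unguarded_secfilter() {
    # $1 = path to an .htaccess file; output format: path:line: directive
    awk -v f="$1" '
        { line = tolower($0) }                      # directives are case-insensitive
        line ~ /^[ \t]*#/ { next }                  # commented out: inactive
        line ~ /^[ \t]*<ifmodule[ \t]/ {            # remember each opened block
            sec[++top] = (line ~ /<ifmodule[ \t]+mod_security\.c[ \t]*>/) ? 1 : 0
            guard += sec[top]; next
        }
        line ~ /^[ \t]*<\/ifmodule>/ {              # close the innermost block
            if (top > 0) { guard -= sec[top]; top-- }
            next
        }
        line ~ /^[ \t]*secfilter/ && guard == 0 {
            sub(/^[ \t]+/, "", $0); print f ":" NR ": " $0
        }
    ' "$1"
}

# Constructed sample .htaccess: one guarded pair, one commented line,
# an unrelated IfModule block, and one bare directive on line 9.
sample=$(mktemp)
cat > "$sample" <<'EOF'
<IfModule mod_security.c>
SecFilterEngine Off
SecFilterScanPOST Off
</IfModule>
# SecFilterEngine On
<IfModule mod_rewrite.c>
RewriteEngine On
</IfModule>
SecFilterScanPOST Off
EOF
unguarded_secfilter "$sample"      # reports only line 9
rm -f "$sample"
```

On a server it can be run over every account with find, for example `find /home/*/public_html -name .htaccess` piped into a loop that calls the function.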

*********************

Thursday, March 11, 2010

DomainKeys and SPF

If you want to add DomainKeys and SPF for every new account created on Cpanel, then do the following.

----------------------------------------------------------

Add DomainKeys for single user

/usr/local/cpanel/bin/domain_keys_installer username

-----------------------------------------------------------

Add DomainKeys for all CPanel users.

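If you wish to add DomainKeys for all cPanel users on your server, execute the following command. (/var/cpanel/users is a directory with one file per account, so the user names are listed with ls.)

ls /var/cpanel/users | while read -r a; do
/usr/local/cpanel/bin/domain_keys_installer "$a"
done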

----------------------------------------------------------

Add SPF for single Cpanel accounts.

/usr/local/cpanel/bin/spf_installer username
------------------------------------------------------------

Add SPF for all Cpanel accounts.

If you want to add SPF records for all cPanel accounts that exist on your server, use the following command.

ls /var/cpanel/users | while read -r a; do
/usr/local/cpanel/bin/spf_installer "$a"
done

--------------------------------------------------------

Add the SPF record while creating new accounts from the WHM >> Create Account option.

vi /scripts/postwwwacct

postwwwacct is a script that runs after wwwacct (which is used to create the account). Paste the following lines into the file.

*******

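#!/usr/bin/perl

# wwwacct passes the new account's details as key/value pairs
my %OPTS = @ARGV;
$ENV{USER} = "$OPTS{'user'}";

# For DomainKeys. q() is not interpolated by Perl, so the shell expands
# $USER from the environment variable set above.
system q(/usr/local/cpanel/bin/domain_keys_installer $USER);

# For the SPF record
system q(/usr/local/cpanel/bin/spf_installer $USER);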

********

Save it and restart the cPanel service.

Then create an account from WHM and check DNS once the account is created. You will see that the SPF record has been added automatically.

Monday, March 8, 2010

Mailbox quota shown wrong on cPanel

If the mailbox quota for an email account is displayed incorrectly on your cPanel dedicated server, go through the following steps:

Log in to your server as root
cd /home/username/mail/domain.com/emailaccount
rm -rf maildirsize

Now, log in to cPanel.
Go to the email account and change the quota for that particular email account.
(Once you change the quota, the maildirsize file will be recreated automatically.)

You can also delete the maildirsize file from cPanel > File Manager.

Saturday, March 6, 2010

repquota 100% with high load

The root process repquota is running with high CPU usage.

#ps afuxww | grep -i quota

->
root 10966 0.0 0.0 3276 528 ? D 05:14 0:00 | \_ /usr/sbin/repquota -auv
root 10556 0.0 0.0 3280 644 ? D 05:13 0:00 | \_ quota -v
root 10646 0.0 0.0 2916 644 ? D 05:13 0:00 | \_ quota -v
root 10745 0.0 0.0 1948 644 ? D 05:14 0:00 | \_ quota -v
root 10814 0.0 0.0 3284 640 ? D 05:14 0:00 | \_ quota -v

I have tried to kill repquota process but it is not getting killed.

This issue could be related to a read-only file system or file system corruption.

The following should help to determine whether there is a read-only file system:

#touch testfile

If the "touch" command fails to create the file, it should display an error, such as one indicating that the file system is read-only.

You can reboot the server to resolve this.

If you are constantly facing the repquota issue on the server, you can permanently disable quotas.

Run the command
quotaoff -a
Then remove the usrquota entry from fstab.

You can make the changes in /etc/mtab and /etc/fstab for this.

Then mount it
#mount -a

Wednesday, March 3, 2010

Apache Optimization

1. Make a backup of your httpd.conf with the following command
cp /usr/local/apache/conf/httpd.conf /usr/local/apache/conf/httpd.conf-backup

2. vi /usr/local/apache/conf/httpd.conf

3. Make the following changes : ( you’d find these near the start )

Timeout 250
KeepAlive On
MaxKeepAliveRequests 250
KeepAliveTimeout 3
MinSpareServers 5
MaxSpareServers 15
StartServers 5
MaxClients 20
MaxRequestsPerChild 2000
HostnameLookups Off

4. Save and exit editor.

DNS recursive

DNSreport now checks whether your DNS server allows recursive lookups. Here is how to restrict recursion to your own addresses.

Open your named.conf and add the following lines before options {:

acl "trusted" {
xxx.xxx.xxx.xxx;
yyy.yyy.yyy.yyy;
};

where xxx.xxx.xxx.xxx and yyy.yyy.yyy.yyy are your IP addresses.
cPanel users can find their IPs in the following file: /etc/nameserverips

After that, inside options, add the following after the line "// query-source address * port 53;":
allow-recursion { trusted; };
allow-notify { trusted; };
allow-transfer { trusted; };

Also uncomment the line

"// query-source address * port 53;"

to

"query-source address * port 53;" (without the double quotes).

Restart your service.

Verify your status again with DNSreport.



Observation: you can also set a version line, so the server does not reveal its real version. It should look like:
version "Oh come on why do you want to know witch version my DNS server is ?";

This line can be added inside the options block of your named.conf.
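The recursion setting can also be verified by hand with dig, run from a host that is not in the "trusted" ACL. The following is an added example, not part of the original post: it classifies the server from the header of dig's output, and the function name and the two sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): read `dig` output on stdin and
# report whether the queried server offered recursion. A server that still
# recurses for outsiders sets the "ra" (recursion available) flag; one limited
# by allow-recursion omits it and normally answers with status REFUSED.

recursion_state() {
    # stdin = output of: dig @<your-nameserver> <name it is not authoritative for> A
    awk '
        /->>HEADER<<-/ {
            status = $0; sub(/.*status: /, "", status); sub(/,.*/, "", status)
        }
        /^;; flags:/ {
            flags = $0; sub(/^;; flags: */, "", flags); sub(/;.*/, "", flags)
            ra = (" " flags " " ~ / ra /) ? 1 : 0
            seen = 1
        }
        END {
            if (!seen) { print "no-response"; exit }
            if (ra)    { print "open (" status ")" }
            else       { print "closed (" status ")" }
        }
    '
}

# Constructed sample: header as returned by a server that recurses for anyone.
recursion_state <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
EOF

# Constructed sample: header after allow-recursion { trusted; }; is in place.
recursion_state <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 4243
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available
EOF
```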