How to manually restart Mod_Security+Apache+Proxy?

plandry64 · Jan 18, 2013, 6:26 AM

Hi Everyone,
I'm running 2.0.1-RELEASE (amd64) with apache_mod_security 0.1.2 package running as a reverse proxy server.
Last week I ran into a limit when I surpassed 64 defined Site Proxies.
Once I put in the 65th, the service wouldn't restart, even though the status page said it did.
The 65th Site Proxy wouldn't be active until I reboot the firewall hardware.
I googled the issue and found where I had to up the default MaxClients in the /usr/local/etc/apache22/extra/httpd-default.conf file.
However, as I add more Site Proxies, I still have to reboot the firewall hardware.
I've SSH'd into the firewall and manually stopped the proxy service, but I can't get it to start again.
Only a reboot seems to get the proxy service running again.
Can someone tell me what the correct command line syntax is to get the apache_mod_security service running again?
Longer term, I'd like to know what I can do to get the GUI working again? Is there an equivalent "MaxClient" setting somewhere in the GUI code that needs to be changed?
Thanks!
Paul

marcelloc · Jan 22, 2013, 3:37 AM

Backup your config first.

Then, edit backup file and find config XML lines you want go remove, then you can try to

Restore backup or manual edit current config on console/ssh using viconfig.

plandry64 · Jan 23, 2013, 7:34 PM

Thanks marcelloc.
From your response, should I infer that I've got a corrupted XML config file?
I'm just trying to picture how this all works, and would like to spot where the corruption was.
I'm adding new proxy entries fairly regularly and having to reboot the pfSense hardware to get the entry to take effect isn't a long-term viable solution.
Is there another reverse-proxy package for pfSense 2.0.1 that I should consider using?
Paul

marcelloc · Jan 24, 2013, 1:43 PM

@plandry64:

Is there another reverse-proxy package for pfSense 2.0.1 that I should consider using?

varnish(http)
haproxy(http + https)
squid3 (http + https)

I'm working on a new version of apache+mod_security package, but I'm not having much time to finish it.

plandry64 · Jan 25, 2013, 4:40 PM

I will check out these packages to see if one will better serve me.
I will be following your other instructions tomorrow.
I can take down the firewall for an extended amount of time during the week.
I appreciate your knowledge and help!
Obrigado!
Paul

plandry64 · Feb 5, 2013, 7:57 PM

I went through the backup and restore process, but there was nothing to clean up in the XML file. Everything had a matching opening/closing tag.
Any new reverse proxy entries that I add, through the GUI, show up in the XML file, but the GUI stop and restart commands don't work.
To restart the proxy service, I still have to reboot the server, so I go back to my original question (until I can investigate a different reverse-proxy pkg).
From the command line, how can I stop and then start the Mod_Security+Apache+Proxy package, so that I don't have to reboot the firewall?
Anyboday know where the scripts are for this pkg?
TIA
Paul