how to fix the ModSecurity “invalid range in character class” error:

narcolepticnerd June 5, 2025 0 comments

WHM auto updated itself and in doing so it added something that took down my apache it modified its own rule and added in an invalid character which in turn caused a syntax error and made my web server not restart, this caused downtime of a couple of seconds for my over 300 customers, I get noitified instantly when something fails to start then i type in a single command and my cell phone restarts the apache easily. This is what I had to fix to get it back up.

How to Fix ModSecurity “invalid range in character class” Error in Apache

If you see an error like this in your Apache logs:

AH00526: Syntax error on line 6035 of /etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf:
Error creating rule: Error compiling pattern (offset 4): invalid range in character class

It means there’s a problem with a regular expression in your ModSecurity rules—specifically, an invalid range inside a character class (the part inside [ ... ]).

What Causes This?

A common mistake is using a dash - in a character class in a way that creates an invalid range. For example, this is invalid:

[\d-:]

The dash here is interpreted as a range between \d and :, which is not valid.

How to Fix

  1. Open the file and go to the line mentioned in the error:
  2. First i tested apache config to find the exact line
  3. testing the apache config I received this…
    • [root@dedicated218 www]# apachectl configtest
    • AH00526: Syntax error on line 6035 of /etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf:
    • Error creating rule: Error compiling pattern (offset 4): invalid range in character class
   sudo nano +6035 /etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf
  1. Find the problematic line.
    For example:
   SecRule ARGS_POST:closedate "!@rx ^[\d-:]+$" \
       "t:none,t:removeWhitespace"
  1. Fix the character class.
  • Use [0-9:-] instead of [\d-:]
  • Or, if you want to allow only digits, dashes, and colons, use [0-9:-] Corrected line:
   SecRule ARGS_POST:closedate "!@rx ^[0-9:-]+$" \
       "t:none,t:removeWhitespace"
  1. Save the file and test your Apache config:
   sudo apachectl configtest
[root@dedicated218 www]# apachectl configtest
Syntax OK


If the test passes, reload Apache:

       sudo systemctl reload httpd

    Summary

    • The error is caused by an invalid character range in a regex.
    • Move the dash to the end or escape it, and use [0-9] instead of \d for best compatibility.
    • Always test your Apache config after making changes.

    That’s it! Your Apache server should now start without errors.

    Category: News / Posts

    Leave the first comment