Thursday 12 December 2013

Cron job stopped due to mod security ruleset

Checking for errors
  • Cron status check
/var/log/cron (shows the cron status, i.e. whether it is running or not)
  • Related errors
/usr/local/apache/logs/security_log
or
/usr/local/apache/logs/error_log
ERROR
[Fri Nov 19 17:18:37 2010] [error] [client XX.XX.XX.XX] ModSecurity: Access denied with code 406 (phase 2). Match of "rx ^apache.*perl" against "REQUEST_HEADERS:User-Agent" required. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "58"] [id "990011"] [msg "Request Indicates an automated program explored the site"] [severity "NOTICE"] [hostname www.domain.com"] [uri "/cron.php"] [unique_id "TOZkLcx8tssAAHkegJ4AAABV"]
Mod_sec rule check location
  • /usr/local/apache/conf/modsec2.conf
  • /usr/local/apache/conf/modsec2.user.conf
How To Fix
Any of the three options below can be used. The first one is the most recommended.
  1. Disable the specific rule for your website or for a specific directory by adding the following code to the VirtualHost of the domain.
    Edit the httpd.conf file and place the code below in the VirtualHost of the domain:
    <LocationMatch "/">
    SecRuleRemoveById 990011
    </LocationMatch>
    Save the file and restart the httpd service. This ensures that rule 990011 no longer applies to the account www.mydomain.com. The pattern "/" matches every URL of the site; a narrower path pattern limits the exemption to a specific directory. The rule ID can be obtained from the [id "..."] field of the log entry.
  2. Disable ModSecurity for the domain. If you want to disable mod_security2 for a particular domain on Apache2, add the following lines to the VirtualHost entry of that domain in the httpd configuration file:
    <IfModule mod_security2.c>
    SecRuleEngine off
    </IfModule>
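    Save the file and restart httpd. This turns off every ModSecurity rule for the domain, not only the one that blocks the cron job.
  3. Disable the rule that causes the error in the ModSecurity rule set itself, i.e. by removing the rule from the rule file mentioned above.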
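
The rule ID and URI needed for option 1 can be read out of error_log automatically. The following Python script is an added example, not part of the original post: the function names and the sample log are constructed for illustration, and it scopes the exception to the exact URI from the log entry instead of "/".

```python
import re
from collections import Counter

# Constructed sample modelled on the error_log entry quoted above; the
# hostname, client address and unique_id are placeholders.
_DENIAL = (
    '[Fri Nov 19 17:{minute}:37 2010] [error] [client XX.XX.XX.XX] ModSecurity: '
    'Access denied with code 406 (phase 2). Match of "rx ^apache.*perl" against '
    '"REQUEST_HEADERS:User-Agent" required. [file "/usr/local/apache/conf/modsec2.user.conf"] '
    '[line "58"] [id "990011"] [msg "Request Indicates an automated program explored the site"] '
    '[severity "NOTICE"] [hostname "www.example.com"] [uri "/cron.php"] [unique_id "CONSTRUCTED"]')
SAMPLE_LOG = "\n".join([
    _DENIAL.format(minute=18), _DENIAL.format(minute=23),
    '[Fri Nov 19 17:24:02 2010] [error] [client XX.XX.XX.XX] File does not exist: /home/user/favicon.ico',
])

# ModSecurity appends its metadata as [key "value"] pairs.
FIELD = re.compile(r'\[(\w+) "([^"]*)"\]')

def parse_denials(log_text):
    """Return the [key "value"] fields of every ModSecurity denial line."""
    denials = []
    for line in log_text.splitlines():
        if "ModSecurity: Access denied" not in line:
            continue  # ordinary Apache errors are not rule hits
        fields = dict(FIELD.findall(line))
        if "id" in fields and "uri" in fields:
            denials.append(fields)
    return denials

def summarize(denials):
    """Count denials per (rule id, uri) so repeated cron failures stand out."""
    return Counter((d["id"], d["uri"]) for d in denials)

def exception_for(rule_id, uri):
    """Build a SecRuleRemoveById block limited to one exact URI."""
    if not re.fullmatch(r"[0-9]+", rule_id):
        raise ValueError("rule id from the log must be numeric")
    pattern = "^" + re.escape(uri) + "$"  # log values are escaped before reuse
    return ('<LocationMatch "%s">\n    SecRuleRemoveById %s\n</LocationMatch>'
            % (pattern, rule_id))

if __name__ == "__main__":
    for (rule_id, uri), hits in summarize(parse_denials(SAMPLE_LOG)).items():
        print("rule %s blocked %s %d time(s)" % (rule_id, uri, hits))
        print(exception_for(rule_id, uri))
```

Review the generated block before pasting it into the VirtualHost, since the URI is taken from a log that records client-supplied request data.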
