hi,
i've a cpanel server with regex.custom.pm, but getting ignored and no block
if (($globlogs{CUSTOM1_LOG}{$lgfile}) and ($line =~ /^(\S+).* HTTP\/.* 403/)) {
return ("403 bruteforce",$1,"block","2","80,443","604800");
}
CUSTOM1_LOG is
CUSTOM1_LOG = "/var/log/apache2/domlogs/*/*"
Access log with 403
1.1.1.1 - - [04/Dec/2024:17:46:26 -0500] "HEAD /?play=ulti700?page=1&mqwsaWOeAy&cLLFTOZk59 HTTP/2" 403 0 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; Acoo Browser; GTB5; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; InfoPath.1; .NET CLR 3.5.30729; .NET CLR 3.0.30618)"