ConfigServer Community Forum

If you are running Mod Security 3 rule sets on Open Litespeed, LFD won't automatically ban IP based on LF_MODSEC. You still need to make sure you specify your Open Litespeed error.log file using MODSEC_LOG # Fix lack of support for ModSecurity with Open Litespeed if (($lgfile eq $config{MODSEC_LOG})...

Nice, the rule is ok if it works, :-) I just would use "\s" instead of "\s+" if there is only one space between words, but is not important. I always use regex101.com to check my REGEX and to see the speed of the rule. Sergio I updated code above with your suggestions. Hopefully...

For me it is better to find ModSec blocks info on /etc/apache2/logs/error_log Check if you have that file and you can use that file to write your own rule at: /usr/local/csf/bin/regex.custom.pm Sergio Well, I am not expert with regex, but syntax seemed fairly simple. I tested it and it works. If an...

I did some more testing. I removed all rules and created a simple test rule that denies access when you try and access phpinfo.php SecRule REQUEST_URI "@pm phpinfo.php" "phase:1,id:'10',log,deny,status:403" error.log 2020-06-07 19:27:02.569178 [INFO] [172.69.66.60:41142#danielsbl...

I cannot seem to get this to work. I am running openlitespeed with mod_security 3.0 module on a non-cPanel CentOS 8 server and it denies access when using test URL, and logs the event like it supposed to, but LFD completely ignores it. csf.conf has the following: LF_MODSEC = "5" LF_MODSEC_...

It appears iptables supports --string 'X-Forwarded-For: x.x.x.x'
This would be an awesome feature to implement for us people who use proxies.

So it didn't take me long to realize that IP's are not actually being banned when using Cloudflare because iptables isn't looking for "X-Forwarded-For" in the header (is this even possible?) So the attack comes from Cloudflare IP, which of course is whitelisted, so the server is completely...