Search found 8 matches

by dev2
28 Oct 2022, 01:05
Forum: General Discussion (cmc)
Topic: atomic rules
Replies: 9
Views: 18240

Re: atomic rules

Hi Sergio, a very big thank you for helping me out. Now it makes sense!
AND for introducing me to https://regex101.com/. Off I go to start learning more about regex.
by dev2
27 Oct 2022, 20:02
Forum: General Discussion (cmc)
Topic: atomic rules
Replies: 9
Views: 18240

Re: atomic rules

HTACCESS_LOG = "/usr/local/apache/logs/error_log"
MODSEC_LOG = "/etc/apache2/logs/modsec_audit.log"
SSHD_LOG = "/var/log/secure"
SU_LOG = "/var/log/secure"
SUDO_LOG = "/var/log/secure"
FTPD_LOG = "/var/log/messages"
SMTPAUTH_LOG = "/va...
by dev2
27 Oct 2022, 19:54
Forum: General Discussion (cmc)
Topic: atomic rules
Replies: 9
Views: 18240

Re: atomic rules

Yes - have I done it wrong?
CUSTOM1_LOG = "/usr/local/apache/domlogs/*/*"
by dev2
27 Oct 2022, 19:17
Forum: General Discussion (cmc)
Topic: atomic rules
Replies: 9
Views: 18240

Re: atomic rules

I am not sure if I have done the right thing. I figured the rule you mentioned above is a CSF Regex and not a mod_security rule. I have added it to the CSF Custom Regex area like this: if (($lgfile eq $config{CUSTOM1_LOG}) and ($line =~ /^\[\S+\s+\S+\s+\S+\s+\S+\.\d+\s+\S+\] \[:error\] \[pid \d+.*\]...
by dev2
27 Oct 2022, 18:58
Forum: General Discussion (cmc)
Topic: atomic rules
Replies: 9
Views: 18240

Re: atomic rules

Hi Sergio, I have a few weird things going on that appear unpredictable. I think the first thing I need to figure out is how to write a regex rule that blocks mod_sec "Warnings" as noted in cPanel mod_sec tools. I read that you have a regex for this and I need to pay for it (I am useless...
by dev2
22 Oct 2022, 19:27
Forum: General Discussion (cmc)
Topic: atomic rules
Replies: 9
Views: 18240

atomic rules

Hello, I have been running these delayed atomic rule sets for some time. I have found out that atomic rule sets are working if I review Mod_security tools. I see Critical messages. I am aware that CSF does not block warnings. In my case Critical notices are not blocking IPs in the CSF firewall. I ha...
by dev2
12 Jan 2022, 01:18
Forum: General Discussion (csf)
Topic: Mod_security CSF
Replies: 1
Views: 751

Mod_security CSF

Hello, this topic has been mentioned already. I have read all the relevant posts, I think, and cannot find an answer. We are running CentOS 7.9, mod_security 3, CSF rules and mod_lsapi. We do see that mod_security is correctly identifying attacks in the cPanel tools. When we look in our CSF logs, we ...
by dev2
30 Jan 2021, 17:34
Forum: General Discussion (csf)
Topic: Regex help needed
Replies: 0
Views: 1543

Regex help needed

Hello, I am having trouble with this. Please can someone help me with the custom regex. I tried to whitelist the user in pignore, but it is not working. Basically I don't want these suspicious file notices as they are false positives, so I need a regex or to know how to whitelist this user: /tmp/systemd-private...