After opening a post on the cPanel website someone has suggested it's because modsec_audit.log entries are recorded as "ModSecurity: Warning" which won't trigger CSF.
HAs anyone come across this issue before?
Search found 2 matches
- 22 Nov 2023, 13:54
- Forum: General Discussion (csf)
- Topic: ModSec events not triggering CSF blocks (updated)
- Replies: 1
- Views: 4655
- 16 Nov 2023, 16:27
- Forum: General Discussion (csf)
- Topic: ModSec events not triggering CSF blocks (updated)
- Replies: 1
- Views: 4655
ModSec events not triggering CSF blocks (updated)
Hi all Updated post after further investigation. It looks like CSF has not been blocking IPs based on ModSec events for over 30 days, at least. This is across two WHM CentOS servers. LFD Stats only show CT_LIMIT, LF_DISTATTACK, and LF_PERMBLOCK_CONT triggers, but no LF_MODSEC events in the last 30 d...