More info in CSF.DENY for modsecurity?

Post Reply
Sergio
Junior Member
Posts: 1715
Joined: 12 Dec 2006, 14:56

More info in CSF.DENY for modsecurity?

Post by Sergio »

Hello Chirpy and Sarah,
could it be possible to include on the details of a blocked IP in CSF.DENY made by mod_security, the rule number that was triggered by the IP? If there were a few different rules, to write the last one?

This an actual line in CSF.DENY:
113.64.81.10 # lfd: (mod_security) mod_security triggered by 113.64.81.10 (CN/China/-): 3 in the last 3600 secs - Mon Sep 9 21:25:06 2013

It would be great to have it this way:
113.64.81.10 # lfd: (mod_security) rule "950051" triggered by 113.64.81.10 (CN/China/-): 3 in the last 3600 secs - Mon Sep 9 21:25:06 2013

It will be great to have the rule id instead of two times the word "mod_security" and it will help to see in a glance what rule id is the most triggered.

Regards,

Sergio
ForumAdmin
Moderator
Posts: 1524
Joined: 01 Oct 2008, 09:24

Re: More info in CSF.DENY for modsecurity?

Post by ForumAdmin »

We'll include something for this in the next release.
Sergio
Junior Member
Posts: 1715
Joined: 12 Dec 2006, 14:56

Re: More info in CSF.DENY for modsecurity?

Post by Sergio »

Thank you, I will wait for the next release.
ForumAdmin
Moderator
Posts: 1524
Joined: 01 Oct 2008, 09:24

Re: More info in CSF.DENY for modsecurity?

Post by ForumAdmin »

This has been included in csf v6.34:
http://blog.configserver.com/?p=2041
Post Reply