More info in CSF.DENY for modsecurity?

Sergio · Post by **Sergio** » 10 Sep 2013, 19:12

Hello Chirpy and Sarah,
could it be possible to include on the details of a blocked IP in CSF.DENY made by mod_security, the rule number that was triggered by the IP? If there were a few different rules, to write the last one?

This an actual line in CSF.DENY:
113.64.81.10 # lfd: (mod_security) mod_security triggered by 113.64.81.10 (CN/China/-): 3 in the last 3600 secs - Mon Sep 9 21:25:06 2013

It would be great to have it this way:
113.64.81.10 # lfd: (mod_security) rule "950051" triggered by 113.64.81.10 (CN/China/-): 3 in the last 3600 secs - Mon Sep 9 21:25:06 2013

It will be great to have the rule id instead of two times the word "mod_security" and it will help to see in a glance what rule id is the most triggered.

Regards,

Sergio

Post by **ForumAdmin** » 13 Sep 2013, 16:19

We'll include something for this in the next release.

Sergio · Post by **Sergio** » 13 Sep 2013, 16:37

Thank you, I will wait for the next release.

Post by **ForumAdmin** » 14 Sep 2013, 11:35

This has been included in csf v6.34:
http://blog.configserver.com/?p=2041

ConfigServer Community Forum

More info in CSF.DENY for modsecurity?

More info in CSF.DENY for modsecurity?

Re: More info in CSF.DENY for modsecurity?

Re: More info in CSF.DENY for modsecurity?

Re: More info in CSF.DENY for modsecurity?