after updating to csf v9.10 custom regex rules stop triggering regex.custom.pm
i use centos 7 with plesk and mod_Security
regex.custom.pm rule:
Code: Select all
if (($lgfile eq $config{CUSTOM1_LOG}) and ($line =~ /(\S+) - - \[\S+\s+\S+\] "(GET|POST) \/ HTTP\/\S+" \d+ \d+ \S+\s+"\S+ \(compatible\; (MJ12bot|Baiduspider|AhrefsBot)\/\S+ \S?http\S+\)"/)) {
return ("GET POST HEAD Attempt From: $1","MJ12bot-Baiduspider-AhrefsBot","1","1");
}
Lines to trigger:
Code: Select all
149.202.48.192 - - [12/Jul/2016:08:43:51 +0300] "GET / HTTP/1.0" 200 96340 "-" "Mozilla/5.0 (compatible; MJ12bot/v1.4.5; http://www.majestic12.co.uk/bot.php?+)"
180.76.15.30 - - [12/Jul/2016:08:24:38 +0300] "GET / HTTP/1.0" 200 21132 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)"
and
Code: Select all
if (($lgfile eq $config{CUSTOM1_LOG}) and ($line =~ /(\S+) - - \[\S+\s+\S+\] "(GET|POST) \/\S+ HTTP\/\S+" \d+ \d+ \S+\s+"\S+ \(compatible\; (MJ12bot|Baiduspider|AhrefsBot)\/\S+ \S?http\S+\)"/)) {
return ("GET POST HEAD Attempt From: $1","MJ12bot-Baiduspider-AhrefsBot2","1","1");
}
Lines to trigger:
Code: Select all
180.76.15.134 - - [12/Jul/2016:08:35:17 +0300] "GET /language/en/kallirroe-hotel/ HTTP/1.0" 200 7285 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)"
51.255.65.8 - - [12/Jul/2016:08:54:14 +0300] "GET /tag/%CF%80%CE%BB%CE%B7%CF%81%CF%8E%CE%BC%CE%B1%CF%84%CE%B1/ HTTP/1.0" 200 96452 "-" "Mozilla/5.0 (compatible; AhrefsBot/5.1; +http://ahrefs.com/robot/)"
173.208.157.186 - - [12/Jul/2016:08:38:10 +0300] "GET /shop/ HTTP/1.0" 200 18182 "-" "Mozilla/5.0 (compatible; MJ12bot/v1.4.5; http://www.majestic12.co.uk/bot.php?+)"