- DDos from facebook
- User-agent
Code: Select all
173.252.124.57 - - [07/Apr/2017:17:36:47 +0700] "GET / HTTP/1.1" 444 13710 "-" "facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)"
Panel: Directadmin Custombuild 2.0
Csf Config:
LF_CXS = 1
LF_CXS_PERM = 1
LF_MODSEC = 5
MODSEC_LOG = /var/log/httpd/modsec_audit.log
LDF On
Log in audit log security
Code: Select all
--64513437-H--
Message: Access denied with code 444 (phase 1). Pattern match "externalhit_uatext" at REQUEST_HEADERS:User-Agent. [file "/etc/modsecurity.d/manh.conf"] [line "1"] [id "1993"]
Action: Intercepted (phase 1)
Stopwatch: 1491562247538072 750 (- - -)
Stopwatch2: 1491562247538072 750; combined=26, p1=21, p2=0, p3=0, p4=0, p5=5, sr=0, sw=0, l=0, gc=0
Producer: ModSecurity for Apache/2.9.0 (http://www.modsecurity.org/).
Server: Apache/2
Engine-Mode: "ENABLED"
- When i try test with agent "Linux", csf block my ip (Trigger modsecurity) but only 1 time, after i remove ip then test again, csf do not block
- Im block User-agent from facebook with modsecurity, modsecurity blocked, but csf DO NOT work, DO NOT block anything.
- I'm too tired for find issue,
what wrong with my config?