Mod_Security with CSF/LFD & CWP not blocking or adding to CSF
Posted: 08 Feb 2025, 06:18
Since the Comodo ruleset is dead, I'm trying to switch over to OWASP.
Mod_Security & the OWASP ruleset are installed on a CWP server.
But when I do, LFD doesn't send the email alert or add it to the csf.deny
CSF setting are:
LF_MODSEC = "5"
LF_MODSEC_PERM = "1"
I have tried different paths of MODSEC, the default is:
MODSEC_LOG = "/usr/local/apache/logs/error_log"
and
MODSEC_LOG = "/usr/local/apache/logs/modsec_audit.log"
When I look at the lfd.log file in /var/log, it shows Watching /usr/local/apache/logs/error_log...
It look like Mod_Security is identifying the attempt, but not sure if it's blocking it or not, since it doesn't create the IP in CSF.
Any suggestions?
Thanks
Mod_Security & the OWASP ruleset are installed on a CWP server.
But when I do, LFD doesn't send the email alert or add it to the csf.deny
CSF setting are:
LF_MODSEC = "5"
LF_MODSEC_PERM = "1"
I have tried different paths of MODSEC, the default is:
MODSEC_LOG = "/usr/local/apache/logs/error_log"
and
MODSEC_LOG = "/usr/local/apache/logs/modsec_audit.log"
When I look at the lfd.log file in /var/log, it shows Watching /usr/local/apache/logs/error_log...
It look like Mod_Security is identifying the attempt, but not sure if it's blocking it or not, since it doesn't create the IP in CSF.
Any suggestions?
Thanks