ConfigServer Community Forum

Peer support forums for ConfigServer Scripts
https://mail.forum.configserver.com/

mod_security : don't block ALL entries

https://mail.forum.configserver.com/viewtopic.php?t=153

Page 1 of 1

mod_security : don't block ALL entries

Posted: 06 Jan 2007, 17:05
by Marie
Hi Chirpy :)

I changed your regex.pm a little to not block all mod_security related entries as some IPs were getting blocked for "Access Allowed", for example :p

My rule is now :

Code: Select all

    if (($config{LF_MODSEC}) and ($line =~ /\[client (.*)\] mod_security: Access denied/)) {
        return ("mod_security triggered by",$1,"mod_security");
But I guess it will be overwritten with the next csf update... maybe you could consider to change the regex.pm by default ?

Thank you once more for this fantastic tool !

Posted: 06 Jan 2007, 17:15
by chirpy
It'd changed after some work with mod_security v1. I've reverted it back to how it was for csf v2.54 now :)

Posted: 06 Jan 2007, 17:33
by Marie
Great to hear ! Thank you so much ! :)
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited