ConfigServer Community Forum

Peer support forums for ConfigServer Scripts
https://mail.forum.configserver.com/

LF_APACHE_404 Not Working

https://mail.forum.configserver.com/viewtopic.php?t=7216

Page 1 of 1

LF_APACHE_404 Not Working

Posted: 25 Nov 2013, 08:54
by seifhatem
Hey all,
I'm trying to block apps such as dirbuster but it fails, here is my config:

LF_APACHE_404 = 10
LF_APACHE_404_PERM = 1
LF_INTERVAL = 60 (tried 120 also but failed)

Here is the log, tailored from CSF so the log file is the one already configured with CSF.
[Mon Nov 25 10:17:32.309988 2013] [:error] [pid 4208:tid 140626114062080] [client 105.205.14.147:51049] File does not exist: /home/XXXXX/public_html/s.php
[Mon Nov 25 10:17:41.558300 2013] [:error] [pid 4299:tid 140625852692224] [client 105.205.14.147:51050] File does not exist: /home/XXXXX/public_html/s.php
[Mon Nov 25 10:17:42.829500 2013] [:error] [pid 4299:tid 140625852692224] [client 105.205.14.147:51050] File does not exist: /home/XXXXX/public_html/s.php
[Mon Nov 25 10:17:46.902692 2013] [:error] [pid 4208:tid 140625999550208] [client 105.205.14.147:51052] File does not exist: /home/XXXXX/public_html/s.php
[Mon Nov 25 10:17:48.802722 2013] [:error] [pid 4207:tid 140625873671936] [client 105.205.14.147:51053] File does not exist: /home/XXXXX/public_html/s.php
[Mon Nov 25 10:17:52.005270 2013] [:error] [pid 4299:tid 140626114062080] [client 105.205.14.147:51054] File does not exist: /home/XXXXX/public_html/s.php
[Mon Nov 25 10:17:53.088367 2013] [:error] [pid 4299:tid 140626114062080] [client 105.205.14.147:51054] File does not exist: /home/XXXXX/public_html/s.php
[Mon Nov 25 10:17:55.692541 2013] [:error] [pid 4299:tid 140626114062080] [client 105.205.14.147:51054] File does not exist: /home/XXXXX/public_html/s.php
[Mon Nov 25 10:17:58.290533 2013] [:error] [pid 4299:tid 140626124551936] [client 105.205.14.147:51055] File does not exist: /home/XXXXX/public_html/s.php
[Mon Nov 25 10:17:59.515857 2013] [:error] [pid 4299:tid 140626124551936] [client 105.205.14.147:51055] File does not exist: /home/XXXXX/public_html/s.php
[Mon Nov 25 10:18:00.695273 2013] [:error] [pid 4299:tid 140626124551936] [client 105.205.14.147:51055] File does not exist: /home/XXXXX/public_html/s.php
[Mon Nov 25 10:18:01.744150 2013] [:error] [pid 4299:tid 140626124551936] [client 105.205.14.147:51055] File does not exist: /home/XXXXX/public_html/s.php
[Mon Nov 25 10:18:41.664436 2013] [:error] [pid 4208:tid 140626103572224] [client 105.205.14.147:51056] File does not exist: /home/XXXXX/public_html/s.php
[Mon Nov 25 10:19:02.764515 2013] [:error] [pid 4207:tid 140625915631360] [client 105.205.14.147:51057] File does not exist: /home/XXXXX/public_html/s.php
[Mon Nov 25 10:19:04.070766 2013] [:error] [pid 4207:tid 140625915631360] [client 105.205.14.147:51057] File does not exist: /home/XXXXX/public_html/s.php
[Mon Nov 25 10:21:39.921049 2013] [:error] [pid 4299:tid 140625989060352] [client 105.205.14.147:51058] File does not exist: /home/XXXXX/public_html/s.php
[Mon Nov 25 10:21:41.173285 2013] [:error] [pid 4299:tid 140625989060352] [client 105.205.14.147:51058] File does not exist: /home/XXXXX/public_html/s.php
[Mon Nov 25 10:21:42.717519 2013] [:error] [pid 4299:tid 140625989060352] [client 105.205.14.147:51058] File does not exist: /home/XXXXX/public_html/s.php
[Mon Nov 25 10:21:43.899558 2013] [:error] [pid 4299:tid 140625989060352] [client 105.205.14.147:51058] File does not exist: /home/XXXXX/public_html/s.php
[Mon Nov 25 10:21:45.003882 2013] [:error] [pid 4299:tid 140625989060352] [client 105.205.14.147:51058] File does not exist: /home/XXXXX/public_html/s.php
[Mon Nov 25 10:21:46.040060 2013] [:error] [pid 4299:tid 140625989060352] [client 105.205.14.147:51058] File does not exist: /home/XXXXX/public_html/s.php
[Mon Nov 25 10:21:47.166301 2013] [:error] [pid 4299:tid 140625989060352] [client 105.205.14.147:51058] File does not exist: /home/XXXXX/public_html/s.php
[Mon Nov 25 10:21:48.448921 2013] [:error] [pid 4299:tid 140625989060352] [client 105.205.14.147:51058] File does not exist: /home/XXXXX/public_html/s.php
[Mon Nov 25 10:21:49.596225 2013] [:error] [pid 4299:tid 140625989060352] [client 105.205.14.147:51058] File does not exist: /home/XXXXX/public_html/s.php
[Mon Nov 25 10:21:50.793076 2013] [:error] [pid 4299:tid 140625989060352] [client 105.205.14.147:51058] File does not exist: /home/XXXXX/public_html/s.php
[Mon Nov 25 10:21:53.135659 2013] [:error] [pid 4209:tid 140626114062080] [client 105.205.14.147:51059] File does not exist: /home/XXXXX/public_html/s.php
[Mon Nov 25 10:21:54.815429 2013] [:error] [pid 4209:tid 140626114062080] [client 105.205.14.147:51059] File does not exist: /home/XXXXX/public_html/s.php
[Mon Nov 25 10:23:27.190692 2013] [:error] [pid 4299:tid 140626103572224] [client 105.205.14.147:51063] File does not exist: /home/XXXXX/public_html/s.php
Thanks in advance

Re: LF_APACHE_404 Not Working

Posted: 25 Nov 2013, 09:24
by ForumAdmin
It's not matching the regex for the 404 feature due to this part of the string ":tid 140625989060352". It would suggest a different ErrorLogFormat configuration other than the once expected. What type of system (i.e. OS + Control Panel) and version of Apache are you running. And what, if configured in your httpd.conf, is ErrorLogFormat set to?

Re: LF_APACHE_404 Not Working

Posted: 25 Nov 2013, 21:19
by seifhatem
Hello,
Thanks for the quick reply

I edited my httpd.conf & here is the new format but it still doesn't work

Code: Select all

[Mon Nov 25 23:14:07 2013] [error] [client 197.198.11.95:55092] File does not exist: /home/XXXXX/public_html/s.php
Can you tell me what needs to be edited or added?
It would be better to give me an example of the log that the regex detects.

Thanks in advance

Re: LF_APACHE_404 Not Working

Posted: 25 Nov 2013, 21:47
by ForumAdmin
The following is detected from the log pointed to from HTACCESS_LOG setting in csf.conf:

Code: Select all

[Mon Nov 25 21:34:58 2013] [error] [client 1.2.3.4] File does not exist: /home/user/public_html/missing.jpg

Re: LF_APACHE_404 Not Working

Posted: 26 Nov 2013, 05:01
by seifhatem
As of what I concluded, changing the error log format is nearly impossible...

Final Solution that worked: Downgrading Apache from 2.4 to 2.2

It's even better: 2.4 will ONLY log 404 files but will not log dirs though 2.2 log both files & dirs!

Thanks for your support

Re: LF_APACHE_404 Not Working

Posted: 26 Nov 2013, 10:42
by ahantu
I also learn from this topic. Really useful forum.
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited