CSF - LF_APACHE_403 not working?

joshuah
Junior Member
Posts: 1
Joined: 03 Nov 2014, 13:04

Post by joshuah »

Hello,

I have set up ModSecurity rules to give permission denied (403) on multiple brute force attempts, which works great, but now I want CSF to block their IP if they continue. So my thought was to configure LF_APACHE_403 to automatically block their IP. Unfortunately, it is not working.

An example of this:
192.95.29.115 - - [04/Nov/2014:00:03:05 +1100] "POST /wp-login.php HTTP/1.1" 403 1139 "-" "-"
192.95.29.115 - - [04/Nov/2014:00:03:06 +1100] "POST /wp-login.php HTTP/1.1" 403 1139 "-" "-"
192.95.29.115 - - [04/Nov/2014:00:03:06 +1100] "POST /wp-login.php HTTP/1.1" 403 1139 "-" "-"
192.95.29.115 - - [04/Nov/2014:00:03:07 +1100] "POST /wp-login.php HTTP/1.1" 403 1139 "-" "-"
192.95.29.115 - - [04/Nov/2014:00:03:07 +1100] "POST /wp-login.php HTTP/1.1" 403 1139 "-" "-"

That is an example of a brute force attack (there are thousands). Notice the 403, which means ModSecurity is working great.

The problem is, how come CSF won't pick up the many 403s and block them?

Here is the config:

cat /etc/csf/csf.conf | grep LF_APACHE_403
# LF_APACHE_403 in LF_INTERVAL seconds then the IP address will be blocked
LF_APACHE_403 = "40"
LF_APACHE_403_PERM = "120"
LF_INTERVAL = "3600"

Any idea on what else I can try to fix this?

Note: I am running cPanel, LiteSpeed 4.2.18, Comodo WAF (not sure if that matters or not). The main thing is, ModSecurity is doing its job fine, because it is giving it 403, but CSF won't block the many 403s.
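
An added check, not part of the original post and not CSF code: it counts 403 responses per IP in access-log lines of the format quoted above and reports when an address passes LF_APACHE_403 within LF_INTERVAL seconds, which shows whether the traffic would cross the configured threshold at all. Reading the threshold as "more than 40" and the `make_sample` data are assumptions; how lfd itself reads logs is not modelled.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Values copied from the csf.conf excerpt in the post.
LF_APACHE_403 = 40
LF_INTERVAL = 3600

# Combined log format as quoted in the post: ip - - [time] "request" status ...
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[^"]*" (\d{3}) ')

def parse(line):
    """Return (ip, timestamp, status) for a combined-format line, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
    return m.group(1), ts, int(m.group(3))

def over_threshold(lines, limit=LF_APACHE_403, interval=LF_INTERVAL):
    """Map each IP to the time its 403 count first exceeded `limit`
    inside any `interval`-second sliding window (assumed semantics)."""
    windows = defaultdict(deque)
    tripped = {}
    for line in lines:
        rec = parse(line)
        if rec is None or rec[2] != 403:
            continue
        ip, ts, _ = rec
        win = windows[ip]
        win.append(ts)
        # Drop hits that have aged out of the window.
        while (ts - win[0]).total_seconds() > interval:
            win.popleft()
        if len(win) > limit and ip not in tripped:
            tripped[ip] = ts
    return tripped

def make_sample(n):
    """Constructed sample: n lines in the post's format, one per second."""
    return ['192.95.29.115 - - [04/Nov/2014:00:%02d:%02d +1100] '
            '"POST /wp-login.php HTTP/1.1" 403 1139 "-" "-"' % divmod(i, 60)
            for i in range(n)]

if __name__ == "__main__":
    for ip, when in over_threshold(make_sample(45)).items():
        print(ip, "exceeded", LF_APACHE_403, "x 403 at", when.isoformat())
```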
broschats
Junior Member
Posts: 3
Joined: 05 Nov 2014, 23:44
Location: Kihei Hawaii

Re: CSF - LF_APACHE_403 not working?

Post by broschats »

Did you arrive at a solution?