Skip to main content

ModSecurity rules triggered but not blocking the attacker

Comments

5 comments

  • masterross
    I just uninstalled and installed OWASP again and now is working! The case is solved!
    0
  • fuzzylogic
    The log line you posted is only one of many mod-security rule hits for that http request. If you run the command... grep -n 'XwLkqnDNqLQBB@MMoe6MvQAAAA0' /usr/local/apache/logs/error_log
    you will see the other log lines for that request, all with identical timestamps and unique_id and with consecutive line numbers in the log. The second last mod-security rule hit log line, rule [id "949110">, will have the text... ModSecurity: Access denied with code 403 (phase 2)
    0
  • cPanelLauren
    Thank you @fuzzylogic for that answer and @masterross I'm glad to see the issue is now resolved.
    0
  • WorkinOnIt
    Is there a way to tell have Mod_Security banned IPs also banned in CSF firewall ? If an IP is behaving badly, I'd like to ban it server wide.
    0
  • WorkinOnIt
    Oh I think I found the answer here: @fuzzylogic :)
    0

Please sign in to leave a comment.