Skip to main content

Recurring issue with Mod Security

Comments

3 comments

  • storminternet
    Logs indicates that you must be accessing the URL from your IP that is violating modsecurity rules. Either you need to exclude that pattern code from modsecurity or disable it for that domain.
    0
  • quizknows
    ModSecurity itself only stops requests, it doesn't block IP addresses. The actual IP block is placed by CSF/LFD blocking for the repeated modsecurity failures. You can stop CSF from blocking your IP for this by adding your ip to /etc/csf/csf.ignore This particular rule blocks any HTTP request method that is not GET, POST, OPTIONS, or HEAD. So any Track, Trace, PUT, DELETE or other request methods will trip it. Check for your IP in the access log for the appropriate domain, omitting POST/GET requests. Perhaps a file manager or something you're using is using other request methods. IMO that's a relatively safe rule to white-list but you may as well find out why you're tripping it first.
    0
  • cPanelMichael
    Hello :) Yes, as mentioned in the previous post, you may want to review the access logs to see if you can determine what action is triggering that rule. Thank you.
    0

Please sign in to leave a comment.