Mod Security Question
Hello,
Can you please help me to understand the source of these errors related to mod_security and how can I solve it :
[Fri Jun 27 11:58:40 2014] [error] [client X.X.X.X] ModSecurity: Warning. Pattern match "200" at RESPONSE_STATUS. [file "/var/cpanel/cwaf/rules/cwaf_02.conf"> [line "326"> [id "212100"> [msg "COMODO WAF: Failed login attempt"> [severity "WARNING"> [tag "no_ar"> [hostname "MonDomaine.net"> [uri "/wp-login.php"> [unique_id "U63a-bAfDzIACD2AQooA0000">-
Hello :) The message is letting you know a pattern matched one of the custom rules you have configured for Mod_Security and thus the request was blocked. You can search for the referenced rule number in /var/cpanel/cwaf/rules/cwaf_02.conf to see what specific rule was triggered. Thank you. 0 -
wp-login.php returns a 200 for a failed login, a successful login is 302 redirected into the wp-admin area. This rule is saying someone got a 200 response status at that URI, indicating a failed login, and thus ModSecurity logs an error to tell you someone provided a wrong password for wordpress. If you are getting this error when you provide the right password for wordpress there may be an issue with the rule logic. If you can post the rule in its entirety I could tell you more. 0 -
it's not [id "212100"> ? if not where can i have it plz 0 -
[quote="wafaa, post: 1679512">it's not [id "212100"> ? if not where can i have it plz
Could you elaborate a little more on this response? I'm not sure I fully understand it. Thank you.0 -
Can u explain me what is the rule id "212100" ? 0 -
Every ModSecurity rule has a unique numeric ID used to identify the rule. In your file /var/cpanel/cwaf/rules/cwaf_02.conf you should be able to find the actual rule by searching for id:212100 I do not see this rule ID in the latest set of comodo rules that I just downloaded. 0
Please sign in to leave a comment.
Comments
6 comments