ModSecurity : collections_remove_stale: Failed deleting collection cpanel

migarcia

April 21, 2015 10:24

Elmensajecompleto es este: [Mon Apr 20 12:42:39 2015] [error] [client 85.50.141.200] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "83.52.161.53_d5f8b32725126c86e6aea8241ca0936c5822cfa2"): Internal error [hostname "trapillomarket.es"> [uri "/tienda/themes/trapillomarket/img/bg_bt.gif"> [unique_id "VTTYHi5pFPYAADvkRo4AAAAI"> Lo primero que no entiendo, es porque aparecen dos direcciones IP, pero a partir de este mensaje, aparecen una coleccion de errores que terminan ineludiblemente en que CSF & LFD me termine bloqueando la IP del cliente. He estado leyendo en Google, y parece que existe un bug en alguna de las reglas de ModSecurity, loque no veo es como puedo desactivar las reglas problematicas desde WHM Adjunto el fichero ErrorLog de apache para la IP afectada

Comments

3 comments

cPanelMichael

April 22, 2015 16:13
Hello, I noticed the following in the log output you provided:
[Fri Apr 17 18:59:55 2015] [error] [client 83.52.161.53] ModSecurity: Access denied with redirection to http://trapillomarket.es/ using status 302 (phase 4). Pattern match "^5\\\\d{2}$" at RESPONSE_STATUS. [file "/usr/local/apache/conf/modsec_vendor_configs/OWASP/rules/RESPONSE-50-DATA-LEAKAGES.conf"> [line "14"> [id "970901"> [rev "3"> [msg "The Application Returned a 500-Level Status Code"> [data "Matched Data: 500 found within RESPONSE_STATUS: 500"> [severity "ERROR"> [ver "OWASP_CRS/3.0.0"> [maturity "9"> [accuracy "9"> [tag "Host: domain.es"> [tag "WASCTC/WASC-13"> [tag "OWASP_TOP_10/A6"> [tag "PCI/6.5.6"> [hostname "domain.es"> [uri "/tienda/index.php"> [unique_id "VTE8Ci5pFPYAAA77NSIAAAAK">
You can disable specific rules (e.g. 970901) for Mod_Security via: "WHM Home " Security Center " Hits List" Thank you. Translation: Hola, Me di cuenta de lo siguiente en la salida del registro que ya ha proporcionado:
[Fri Apr 17 18:59:55 2015] [error] [client 83.52.161.53] ModSecurity: Access denied with redirection to http://trapillomarket.es/ using status 302 (phase 4). Pattern match "^5\\\\d{2}$" at RESPONSE_STATUS. [file "/usr/local/apache/conf/modsec_vendor_configs/OWASP/rules/RESPONSE-50-DATA-LEAKAGES.conf"> [line "14"> [id "970901"> [rev "3"> [msg "The Application Returned a 500-Level Status Code"> [data "Matched Data: 500 found within RESPONSE_STATUS: 500"> [severity "ERROR"> [ver "OWASP_CRS/3.0.0"> [maturity "9"> [accuracy "9"> [tag "Host: domain.es"> [tag "WASCTC/WASC-13"> [tag "OWASP_TOP_10/A6"> [tag "PCI/6.5.6"> [hostname "domain.es"> [uri "/tienda/index.php"> [unique_id "VTE8Ci5pFPYAAA77NSIAAAAK">
Puede desactivar reglas espec"ficas (por ejemplo, 970901) para mod_security trav"s de: "Centro de WHM Inicio" Seguridad "Accesos Lista" Gracias.
0
migarcia

April 22, 2015 16:56
Perfecto! eso era lo que necesitaba, no sabia como desactivar reglas especificas. Muchas gracias
0
cPanelMichael

April 23, 2015 14:16
I am happy to see that information was helpful. Thank you for updating us with the outcome. Translation: Estoy feliz de ver que la informaci"n era "til. Gracias por la actualizaci"n con el resultado que usted.
0

Please sign in to leave a comment.

Comments

Didn't find what you were looking for?