ModSecurity Tools Hits List is empty
ModSecurity has recently been installed on the server using EA4. Server is standard cPanel configuration, nothing unusual. /usr/local/apache/logs/modsec_audit.log is logging data and looks correct.
COMODO ModSecurity Apache Rule Set is installed as a vendor and enabled.
/etc/apache2/conf.d/modsec/modsec2.cpanel.conf does not show any SecAuditLog entry.
Why is
HomeHome "Security Center "ModSecurity" Tools "Hits List
empty?
-
Hi, SecAuditLog is located in /etc/apache2/conf.d/modsec2.conf. Could you post what configurations are in the /etc/apache2/conf.d/modsec/modsec2.cpanel.net? For example: SecAuditEngine "RelevantOnly" SecRuleEngine "On"0 -
OK, found the SecAuditLog in /etc/apache2/conf.d/modsec2.conf and it's set to: SecAuditLog logs/modsec_audit.log SecDebugLog logs/modsec_debug.log SecDebugLogLevel 0 SecDefaultAction "phase:2,deny,log,status:406"
Data is being logged to modsec_audit.log Sure, here's what's in /etc/apache2/conf.d/modsec/modsec2.cpanel.netSecDataDir "/var/cpanel/secdatadir" SecAuditEngine "On" SecConnEngine "On" SecRuleEngine "On"
And a bunch of include lines like this oneInclude "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/00_Init_Initialization.conf"
All for comodo_apache - I can post them if you want.0 -
Hello, I believe this is an issue with the Comodo WAF plugin and it's integration with EasyApache 4. You can find a post from a Comodo staff member on this topic at: cPanel EasyApache4 + CWAF-plugin+ModSecurity" Tools Hit list - Free Modsecurity rules - Comodo Web Application Firewall You may want to respond to the thread to report the issue if it's still occurring after taking those steps. Thank you. 0
Please sign in to leave a comment.
Comments
3 comments