CSF/LDF + MODSEC dont work!!!

I have CWPPRO version 7 and the locks with the CSF / LDF firewall do not work

In my CWPPRO 6 they work perfectly, compare some configurations with the new CWP7 and it looks all the same, can you help me please.

any?

I have read that there are problems with centos 7 and cwp, so better to use centos 6 and cwp6...
Anyway centos 7 uses to much resources comparing to centos 6, but thats my opinion...

I have read that there are problems with centos 7 and cwp, so better to use centos 6 and cwp6...
Anyway centos 7 uses to much resources comparing to centos 6, but thats my opinion...

CWP7 Works like a charm, only have this problem.

all should work fine in centos 7 including firewall, you need to specify all details (errors) when asking questions about some possible issue.

all should work fine in centos 7 including firewall, you need to specify all details (errors) when asking questions about some possible issue.

In CWP6-PRO CSF / LFD + MODSEC blocks attacks through logging in "/usr/local/apache/logs/error_log"

With this setting in "/etc/csf/csf.conf"

Code: [Select]

# [*]Enable failure detection of repeated Apache mod_security rule triggers
LF_MODSEC = "3"
LF_MODSEC_PERM = "1"
HTACCESS_LOG = "/usr/local/apache/logs/error_log"
MODSEC_LOG = "/usr/local/apache/logs/error_log"
MODSEC CWP6-PRO errors are mirrored in this way and blocks them perfectly in CSF + LDF

Code: [Select]

[Tue Apr 11 22:03:04 2017] [error] [client 171.5.3.224] ModSecurity: Access denied with code 403 (phase 2). Pattern match "/wp-login.php" at REQUEST_URI. [file "/usr/local/apache/userdata/pcrcl/pcready.cl/modsec.conf"] [line "1"] [id "17265002"] [hostname "www.pcready.cl"] [uri "/wp-login.php"] [unique_id "WO18yH8AAAEAACmefUIAAAAF"]
In CWP7-PRO I have exactly the same configuration as in CWP6-PRO in "/etc/csf/csf.conf", this is my configuration in CWP7-PRO

Code: [Select]

# [*]Enable failure detection of repeated Apache mod_security rule triggers
LF_MODSEC = "3"
LF_MODSEC_PERM = "1"
HTACCESS_LOG = "/usr/local/apache/logs/error_log"
MODSEC_LOG = "/usr/local/apache/logs/error_log"
But the CWP7-PRO errors of MODSEC are reflected in this way and do not block them

Code: [Select]

[Wed Apr 12 01:40:37.485934 2017] [:error] [pid 28383:tid 139994855077632] [client 201.214.115.114:30016] [client 201.214.115.114] ModSecurity: Access denied with code 403 (phase 2). Pattern match "/wp-login.php" at REQUEST_URI. [file "/usr/local/apache/userdata/instruva/instruvalve.cl/modsec.conf"] [line "15"] [id "17265002"] [hostname "www.instruvalve.cl"] [uri "/wp-login.php"] [unique_id "WO2vxQW9kbkAAG7fYFsAAABA"]
There is a clear difference in how the log is reflected in "/usr/local/apache/logs/error_log" maybe that's why it is not able to detect the errors and block them

The rule in CWP6-PRO and CWP7-PRO is exactly the same, but only works in CWP6-PRO.

Look for information and some people talked about the forna in which the text was read from the log, if it did not contain a recognizable "regex" for "CSF + LFD" it would not block it, since it would not be able to interpret it correctly to extract information.

But CSF + LFD if it is working because it blocks the SSH and FTP errors, the problem is only with MODSEC.

If you need any other information do not hesitate to ask me please.

Can you help me please, thank you.

żż??

Admin, please check this!

https://forum.configserver.com/viewtopic.php?t=9951

Anybody?

@Administrator

mmm, anybody?

You can find instructions here
http://wiki.centos-webpanel.com/csflfd-firewall-configuration

You can find instructions here
http://wiki.centos-webpanel.com/csflfd-firewall-configuration

Dont work for me... I need help, my CWP is PRO!! i paid for a year.

You can find instructions here
http://wiki.centos-webpanel.com/csflfd-firewall-configuration

Dont work for me... I need help, my CWP is PRO!! i paid for a year.

Works now, thx!!!