Hi log:
Wed Jan 20 00:01:24 2016] [notice] caught SIGTERM, shutting down
[Wed Jan 20 00:01:25 2016] [warn] Init: Session Cache is not configured [hint: SSLSessionCache]
[Wed Jan 20 00:01:25 2016] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Wed Jan 20 00:01:25 2016] [notice] suEXEC mechanism enabled (wrapper: /usr/local/apache/bin/suexec)
[Wed Jan 20 00:01:25 2016] [notice] ModSecurity for Apache/2.8.0 (
http://www.modsecurity.org/) configured.
[Wed Jan 20 00:01:25 2016] [notice] ModSecurity: APR compiled version="1.5.1"; loaded version="1.5.1"
[Wed Jan 20 00:01:25 2016] [notice] ModSecurity: PCRE compiled version="7.8 "; loaded version="7.8 2008-09-05"
[Wed Jan 20 00:01:25 2016] [notice] ModSecurity: LIBXML compiled version="2.7.6"
[Wed Jan 20 00:01:25 2016] [notice] Status engine is currently disabled, enable it by set SecStatusEngine to On.
[Wed Jan 20 00:01:26 2016] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Wed Jan 20 00:01:26 2016] [notice] Apache/2.2.27 (Unix) mod_ssl/2.2.27 OpenSSL/1.0.1e-fips configured -- resuming normal operations
[Wed Jan 20 00:03:23 2016] [error] [client xxxxxxxxxx] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:expanded_dir_list. [file "/usr/local/apache/modsecurity-crs/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: : found within REQUEST_COOKIES:expanded_dir_list: ::usr:local:cwpsrv:htdocs:admin:/home/home:/home/mnhost/mnhost"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "xxxxxxxxxx"] [uri "/webftp_simple/"] [unique_id "Vp6yq8KHUHkAAB1yXtkAAAAA"]
[Wed Jan 20 00:32:56 2016] [notice] caught SIGTERM, shutting down
[Wed Jan 20 00:34:25 2016] [warn] Init: Session Cache is not configured [hint: SSLSessionCache]
[Wed Jan 20 00:34:25 2016] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Wed Jan 20 00:34:25 2016] [notice] suEXEC mechanism enabled (wrapper: /usr/local/apache/bin/suexec)
[Wed Jan 20 00:34:25 2016] [notice] ModSecurity for Apache/2.8.0 (
http://www.modsecurity.org/) configured.
[Wed Jan 20 00:34:25 2016] [notice] ModSecurity: APR compiled version="1.5.1"; loaded version="1.5.1"
[Wed Jan 20 00:34:25 2016] [notice] ModSecurity: PCRE compiled version="7.8 "; loaded version="7.8 2008-09-05"
[Wed Jan 20 00:34:25 2016] [notice] ModSecurity: LIBXML compiled version="2.7.6"
[Wed Jan 20 00:34:25 2016] [notice] Status engine is currently disabled, enable it by set SecStatusEngine to On.
[Wed Jan 20 00:34:26 2016] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Wed Jan 20 00:34:26 2016] [notice] Apache/2.2.27 (Unix) mod_ssl/2.2.27 OpenSSL/1.0.1e-fips configured -- resuming normal operations
[Wed Jan 20 01:34:25 2016] [error] [client xxxxxxxxxx] File does not exist: /usr/local/apache/htdocs/admin
[Wed Jan 20 04:02:19 2016] [error] [client xxxxxxxxxx] ModSecurity: Access denied with code 403 (phase 1). Match of "rx ^(?i:(?:[a-z]{3,10}\\\\s+(?:\\\\w{3,7}?://[\\\\w\\\\-\\\\./]*(?::\\\\d+)?)?/[^?#]*(?:\\\\?[^#\\\\s]*)?(?:#[\\\\S]*)?|connect (?:\\\\d{1,3}\\\\.){3}\\\\d{1,3}\\\\.?(?::\\\\d+)?|options \\\\*)\\\\s+[\\\\w\\\\./]+|get /[^?#]*(?:\\\\?[^#\\\\s]*)?(?:#[\\\\S]*)?)$" against "REQUEST_LINE" required. [file "/usr/local/apache/modsecurity-crs/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "52"] [id "960911"] [rev "2"] [msg "Invalid HTTP Request Line"] [data "GET HTTP/1.1 HTTP/1.1"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_REQ"] [tag "CAPEC-272"] [hostname "xcxxxxxxxx"] [uri "HTTP/1.1"] [unique_id "xxxxxxxxxxxxxxx"]
[Wed Jan 20 04:02:19 2016] [error] [client xxxxx] script not found or unable to stat: /usr/local/apache/cgi-bin/php4
[Wed Jan 20 04:02:19 2016] [error] [client xxxxx] script not found or unable to stat: /usr/local/apache/cgi-bin/php5
[Wed Jan 20 04:02:20 2016] [error] [client xxxxxx] File does not exist: /usr/local/apache/htdocs/index.cgi
[Wed Jan 20 04:02:20 2016] [error] [client xxxxxxx] script not found or unable to stat: /usr/local/apache/cgi-bin/php
[Wed Jan 20 04:02:20 2016] [error] [client xxxxxxx] script not found or unable to stat: /usr/local/apache/cgi-bin/php5-cli
[Wed Jan 20 04:02:20 2016] [error] [client xxxxxxx] File does not exist: /usr/local/apache/htdocs/phppath
[Wed Jan 20 04:02:21 2016] [error] [client xxxxxxx] File does not exist: /usr/local/apache/htdocs/phppath
[Wed Jan 20 04:02:21 2016] [error] [client xxxxxxx] File does not exist: /usr/local/apache/htdocs/cgi-sys
[Wed Jan 20 04:02:21 2016] [error] [client xxxxxxx] script not found or unable to stat: /usr/local/apache/cgi-bin/php.fcgi
[Wed Jan 20 04:02:21 2016] [error] [client xxxxxx] script not found or unable to stat: /usr/local/apache/cgi-bin/index.cgi