« previous next »
Pages: [1]

Author Topic: Mod_Security's Security incidents wrong IP  (Read 2956 times)

0 Members and 1 Guest are viewing this topic.

Offline
iraqiboy90
***
Mod_Security's Security incidents wrong IP
« on: January 11, 2022, 03:34:32 PM »
The Security Incidents tab in Security Center that shows what Mod_Security has blocked is showing server IP as an offender for some specific types of attacks even though the IP is something else.



Here's the audit log showing something else:



I'm running Cloudflare -> Nginx -> Varnish -> Apache (with mod_cloudflare)
Logged
Offline
Netino
***
Re: Mod_Security's Security incidents wrong IP
« Reply #1 on: January 12, 2022, 12:01:30 AM »
This is a ModSecurity issue, and it will not be fixed in 2.x versions.
Check:
https://github.com/SpiderLabs/ModSecurity/issues/811

Regards,
Netino
Logged
Offline
iraqiboy90
***
Re: Mod_Security's Security incidents wrong IP
« Reply #2 on: January 15, 2022, 11:43:18 AM »
Quote from: Netino on January 12, 2022, 12:01:30 AM
This is a ModSecurity issue, and it will not be fixed in 2.x versions.
Check:
https://github.com/SpiderLabs/ModSecurity/issues/811

Regards,
Netino

have you tried installing v3?
Logged
Offline
Netino
***
Re: Mod_Security's Security incidents wrong IP
« Reply #3 on: January 15, 2022, 10:43:38 PM »
Quote from: iraqiboy90 on January 15, 2022, 11:43:18 AM
(...)
have you tried installing v3?

No. I'm using Comodo rules, and don't know if they are compatible.
https://github.com/SpiderLabs/ModSecurity/issues/1962
Logged
Pages: [1]
« previous next »