Author Topic: Mod_Security's Security incidents wrong IP  (Read 2957 times)

0 Members and 1 Guest are viewing this topic.

Offline
***
Mod_Security's Security incidents wrong IP
« on: January 11, 2022, 03:34:32 PM »
The Security Incidents tab in Security Center that shows what Mod_Security has blocked is showing server IP as an offender for some specific types of attacks even though the IP is something else.



Here's the audit log showing something else:



I'm running Cloudflare -> Nginx -> Varnish -> Apache (with mod_cloudflare)

Offline
***
Re: Mod_Security's Security incidents wrong IP
« Reply #1 on: January 12, 2022, 12:01:30 AM »
This is a ModSecurity issue, and it will not be fixed in 2.x versions.
Check:
https://github.com/SpiderLabs/ModSecurity/issues/811

Regards,
Netino

Offline
***
Re: Mod_Security's Security incidents wrong IP
« Reply #2 on: January 15, 2022, 11:43:18 AM »
This is a ModSecurity issue, and it will not be fixed in 2.x versions.
Check:
https://github.com/SpiderLabs/ModSecurity/issues/811

Regards,
Netino

have you tried installing v3?

Offline
***
Re: Mod_Security's Security incidents wrong IP
« Reply #3 on: January 15, 2022, 10:43:38 PM »
(...)
have you tried installing v3?

No. I'm using Comodo rules, and don't know if they are compatible.
https://github.com/SpiderLabs/ModSecurity/issues/1962