Author Topic: CSF and ModSecurity  (Read 6180 times)

0 Members and 1 Guest are viewing this topic.

Offline
*
CSF and ModSecurity
« on: January 18, 2021, 03:33:51 PM »
Hello! I'm having a problem with CSF and modSecurity. These are the logs in CSF conf file:

HTACCESS_LOG = "/usr/local/apache/logs/error_log"
MODSEC_LOG = "/usr/local/apache/logs/error_log"

But ModSecurity is using /usr/local/apache/domlogs/ to store all errors for each and every domain. The problem is that in error_log there are no errors so CSF didn't catch any of them.

My webserver configuration is: Nginx & Varnish & Apache, Comodo Rules and CWP Pro.

Thank you!

Offline
**
Re: CSF and ModSecurity
« Reply #1 on: January 21, 2021, 09:19:36 PM »
whats the question here?
Whats do you need assistance on?

Offline
*
Re: CSF and ModSecurity
« Reply #2 on: July 29, 2021, 06:31:41 PM »
The problem is that CSF is not blocking modsecurity errors because they're logged at different files DOMAIN1.com.error.log, DOMAIN2.com.error.log, …

CSF
----
HTACCESS_LOG = "/usr/local/apache/logs/error_log"
MODSEC_LOG = "/usr/local/apache/logs/error_log"

Thank you!

Offline
*****
Re: CSF and ModSecurity
« Reply #3 on: August 02, 2021, 01:13:52 AM »
The problem is that CSF is not blocking modsecurity errors because they're logged at different files DOMAIN1.com.error.log, DOMAIN2.com.error.log, …

CSF
----
HTACCESS_LOG = "/usr/local/apache/logs/error_log"
MODSEC_LOG = "/usr/local/apache/logs/error_log"

Thank you!

you can add each log or use wildcard log entry

Offline
*
Re: CSF and ModSecurity
« Reply #4 on: August 03, 2021, 03:39:45 AM »
I think your suggestion was right.

HTACCESS_LOG = "/usr/local/apache/domlogs/*.error.log"
MODSEC_LOG = "/usr/local/apache/domlogs/*.error.log"


I can see CSF is now watching all those files

/var/log/lfd.log