Author Topic: CSF and ModSecurity (Read 6152 times)

oxlab · « **on:** January 18, 2021, 03:33:51 PM »

Hello! I'm having a problem with CSF and modSecurity. These are the logs in CSF conf file:

HTACCESS_LOG = "/usr/local/apache/logs/error_log"
MODSEC_LOG = "/usr/local/apache/logs/error_log"

But ModSecurity is using /usr/local/apache/domlogs/ to store all errors for each and every domain. The problem is that in error_log there are no errors so CSF didn't catch any of them.

My webserver configuration is: Nginx & Varnish & Apache, Comodo Rules and CWP Pro.

Thank you!

evansa · « **Reply #1 on:** January 21, 2021, 09:19:36 PM »

whats the question here?
Whats do you need assistance on?

oxlab · « **Reply #2 on:** July 29, 2021, 06:31:41 PM »

The problem is that CSF is not blocking modsecurity errors because they're logged at different files DOMAIN1.com.error.log, DOMAIN2.com.error.log, …

CSF
----
HTACCESS_LOG = "/usr/local/apache/logs/error_log"
MODSEC_LOG = "/usr/local/apache/logs/error_log"

Thank you!

Sandeep · « **Reply #3 on:** August 02, 2021, 01:13:52 AM »

Quote from: oxlab on July 29, 2021, 06:31:41 PM

The problem is that CSF is not blocking modsecurity errors because they're logged at different files DOMAIN1.com.error.log, DOMAIN2.com.error.log, …

CSF
----
HTACCESS_LOG = "/usr/local/apache/logs/error_log"
MODSEC_LOG = "/usr/local/apache/logs/error_log"

Thank you!

you can add each log or use wildcard log entry

oxlab · « **Reply #4 on:** August 03, 2021, 03:39:45 AM »

I think your suggestion was right.

HTACCESS_LOG = "/usr/local/apache/domlogs/*.error.log" MODSEC_LOG = "/usr/local/apache/domlogs/*.error.log"

I can see CSF is now watching all those files

/var/log/lfd.log

Control Web Panel

Author Topic: CSF and ModSecurity (Read 6152 times)

CSF and ModSecurity

Re: CSF and ModSecurity

Re: CSF and ModSecurity

Re: CSF and ModSecurity

Re: CSF and ModSecurity