Control Web Panel

Security => CSF Firewall => Topic started by: oxlab on January 18, 2021, 03:33:51 PM

Title: CSF and ModSecurity
Post by: oxlab on January 18, 2021, 03:33:51 PM
Hello! I'm having a problem with CSF and modSecurity. These are the logs in CSF conf file:

HTACCESS_LOG = "/usr/local/apache/logs/error_log"
MODSEC_LOG = "/usr/local/apache/logs/error_log"

But ModSecurity is using /usr/local/apache/domlogs/ to store all errors for each and every domain. The problem is that in error_log there are no errors so CSF didn't catch any of them.

My webserver configuration is: Nginx & Varnish & Apache, Comodo Rules and CWP Pro.

Thank you!
Title: Re: CSF and ModSecurity
Post by: evansa on January 21, 2021, 09:19:36 PM
whats the question here?
Whats do you need assistance on?
Title: Re: CSF and ModSecurity
Post by: oxlab on July 29, 2021, 06:31:41 PM
The problem is that CSF is not blocking modsecurity errors because they're logged at different files DOMAIN1.com.error.log, DOMAIN2.com.error.log, …

CSF
----
HTACCESS_LOG = "/usr/local/apache/logs/error_log"
MODSEC_LOG = "/usr/local/apache/logs/error_log"

Thank you!
Title: Re: CSF and ModSecurity
Post by: Sandeep on August 02, 2021, 01:13:52 AM
The problem is that CSF is not blocking modsecurity errors because they're logged at different files DOMAIN1.com.error.log, DOMAIN2.com.error.log, …

CSF
----
HTACCESS_LOG = "/usr/local/apache/logs/error_log"
MODSEC_LOG = "/usr/local/apache/logs/error_log"

Thank you!

you can add each log or use wildcard log entry
Title: Re: CSF and ModSecurity
Post by: oxlab on August 03, 2021, 03:39:45 AM
I think your suggestion was right.

HTACCESS_LOG = "/usr/local/apache/domlogs/*.error.log"
MODSEC_LOG = "/usr/local/apache/domlogs/*.error.log"


I can see CSF is now watching all those files

/var/log/lfd.log