Control Web Panel
Security => CSF Firewall => Topic started by: oxlab on January 18, 2021, 03:33:51 PM
-
Hello! I'm having a problem with CSF and modSecurity. These are the logs in CSF conf file:
HTACCESS_LOG = "/usr/local/apache/logs/error_log"
MODSEC_LOG = "/usr/local/apache/logs/error_log"
But ModSecurity is using /usr/local/apache/domlogs/ to store all errors for each and every domain. The problem is that in error_log there are no errors so CSF didn't catch any of them.
My webserver configuration is: Nginx & Varnish & Apache, Comodo Rules and CWP Pro.
Thank you!
-
whats the question here?
Whats do you need assistance on?
-
The problem is that CSF is not blocking modsecurity errors because they're logged at different files DOMAIN1.com.error.log, DOMAIN2.com.error.log, …
CSF
----
HTACCESS_LOG = "/usr/local/apache/logs/error_log"
MODSEC_LOG = "/usr/local/apache/logs/error_log"
Thank you!
-
The problem is that CSF is not blocking modsecurity errors because they're logged at different files DOMAIN1.com.error.log, DOMAIN2.com.error.log, …
CSF
----
HTACCESS_LOG = "/usr/local/apache/logs/error_log"
MODSEC_LOG = "/usr/local/apache/logs/error_log"
Thank you!
you can add each log or use wildcard log entry
-
I think your suggestion was right.
HTACCESS_LOG = "/usr/local/apache/domlogs/*.error.log"
MODSEC_LOG = "/usr/local/apache/domlogs/*.error.log"
I can see CSF is now watching all those files
/var/log/lfd.log