The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

mod security and google - still can't figure this one out

Discussion in 'Security' started by morrow95, May 13, 2013.

  1. morrow95

    morrow95 Well-Known Member

    Joined:
    Oct 8, 2006
    Messages:
    83
    Likes Received:
    0
    Trophy Points:
    6
    Getting these constantly in modsec logs - as you will see it is a Google IP:

    Code:
    2013-05-13 13:56:38 66.249.73.204   Access denied with code 501 (phase 2). Match of "rx ^((?:(?:POS|GE)T|OPTIONS|HEAD))$" against "REQUEST_METHOD" required. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "38"] [id "960032"] [msg "Method is not allowed by policy"] [severity "CRITICAL"] [tag "POLICY/METHOD_NOT_ALLOWED"] 
    While I do have CSF installed I have turned off the banning/blocking for modsec triggers, however, it still concerns me that this is being triggered and especially since it is Google.

    501 usually has to do with ssl which at the moment I have no ssl certs on my server - I did, however, at one time.

    Any ideas? Is this Google just trying to crawl the old site which had an ssl cert, and if so, why would that be triggering modsec rather than just a regular error with no problems?

    Since Google can't be banned as I turned that off in the firewall it still gets 'blocked' by modsec and that is what I would like to correct if possible.

    Or another possibility I thought was someone is spoofing their IP address somehow. Either way any help would be appreciated.
     
  2. quietFinn

    quietFinn Well-Known Member

    Joined:
    Feb 4, 2006
    Messages:
    998
    Likes Received:
    10
    Trophy Points:
    18
    Location:
    Finland
    cPanel Access Level:
    Root Administrator
    Yes, Google is trying to crawl the old site.
     
  3. morrow95

    morrow95 Well-Known Member

    Joined:
    Oct 8, 2006
    Messages:
    83
    Likes Received:
    0
    Trophy Points:
    6
    Thanks for the response... would you just suggest leaving as is or is there another type of solution? I would think since there is no ssl to connect to it would throw a regular 501 error instead of how it is handled currently. The site is still on the server, but only with a simple 'coming soon' index and has been so for quite some time. I'm thinking Google keeps crawling because it is not returning the proper error.
     
Loading...

Share This Page