Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

mod_security issue blocking good ip's

Discussion in 'Security' started by Cloud9, Oct 6, 2012.

  1. Cloud9

    Cloud9 Active Member

    Joined:
    Sep 17, 2012
    Messages:
    37
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    Root Administrator
    Hi

    On my server i have mod_security with the default config file installed and csf firewall

    I am getting around 6-10 good UK Ips being blocked by csf through mod_security

    Can anyone tell me why they are being blocked and what i can do to edit the config to fix this ?

    Here is the csf block

    IP ADDY HERE # lfd: (mod_security) mod_security triggered by IP ADDY HERE (GB/United Kingdom/-): 5 in the last 300 secs - Fri Oct 5 07:31:44 2012

    And here is the apache log

    [Fri Oct 05 07:30:58 2012] [error] [client IP ADDY HERE] ModSecurity: Access denied with code 406 (phase 2). Found 1 byte(s) in ARGS:pages[template] outside range: 1-255. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "34"] [id "960901"] [msg "Invalid character in request"] [severity "WARNING"] [hostname "MY WEB URL"] [uri "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"] [unique_id "UG5@ok31RAUAABwqDvUAAAAJ"]

    Any thoughts and advice appreciated
     
    #1 Cloud9, Oct 6, 2012
  2. PlotHost

    PlotHost Well-Known Member

    Joined:
    Apr 29, 2011
    Messages:
    255
    Likes Received:
    2
    Trophy Points:
    68
    Location:
    US
    cPanel Access Level:
    Root Administrator
    Twitter:
    If the IPs are blocked by the same rule - like [id "960901"] - you can disable the rule.
    You should also install configserver.com/cp/cmc.html
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #2 PlotHost, Oct 7, 2012
  3. kpmedia

    kpmedia Well-Known Member

    Joined:
    Feb 13, 2011
    Messages:
    87
    Likes Received:
    1
    Trophy Points:
    56
    Location:
    USA, Europe
    cPanel Access Level:
    Root Administrator
    Are you 100% sure those are "good IPs" and not simply UK IPs that you hope/think are good?

    Because the response is quite clear: the post contained invalid characters (according to the rule). Don't assume all UK traffic is good simply because it's from UK. That would be a mistake on your part.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #3 kpmedia, Oct 7, 2012
(You must log in or sign up to post here.)
Loading...
Similar Threads - mod_security issue blocking
  1. mehdix92

    Mod_Security blocking WordPress logins

    mehdix92, Jun 13, 2018, in forum: Security
    Replies:
    3
    Views:
    179
    cPanelMichael
    Jun 14, 2018
  2. meeven

    Questions about enabling mod_security

    meeven, May 22, 2018, in forum: Security
    Replies:
    2
    Views:
    127
    meeven
    Jun 2, 2018
  3. urgido

    SOLVED SQlite mod_security corrupt

    urgido, May 12, 2018, in forum: Database Discussion
    Replies:
    5
    Views:
    127
    cPanelMichael
    May 15, 2018
  4. Nandulal

    Mod_security installation error

    Nandulal, May 12, 2018, in forum: General Discussion
    Replies:
    1
    Views:
    96
    cPanelLauren
    May 14, 2018
  5. PabloC

    Problem with mod_security - can't edit WP's posts, get 404

    PabloC, Feb 26, 2018, in forum: Security
    Replies:
    3
    Views:
    205
    Infopro
    Feb 27, 2018

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...
    Dismiss Notice