The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

mod_security issue blocking good ip's

Discussion in 'Security' started by Cloud9, Oct 6, 2012.

  1. Cloud9

    Cloud9 Active Member

    Joined:
    Sep 17, 2012
    Messages:
    37
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    Root Administrator
    Hi

    On my server i have mod_security with the default config file installed and csf firewall

    I am getting around 6-10 good UK Ips being blocked by csf through mod_security

    Can anyone tell me why they are being blocked and what i can do to edit the config to fix this ?

    Here is the csf block

    IP ADDY HERE # lfd: (mod_security) mod_security triggered by IP ADDY HERE (GB/United Kingdom/-): 5 in the last 300 secs - Fri Oct 5 07:31:44 2012

    And here is the apache log

    [Fri Oct 05 07:30:58 2012] [error] [client IP ADDY HERE] ModSecurity: Access denied with code 406 (phase 2). Found 1 byte(s) in ARGS:pages[template] outside range: 1-255. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "34"] [id "960901"] [msg "Invalid character in request"] [severity "WARNING"] [hostname "MY WEB URL"] [uri "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"] [unique_id "UG5@ok31RAUAABwqDvUAAAAJ"]

    Any thoughts and advice appreciated
     
    #1 Cloud9, Oct 6, 2012
  2. PlotHost

    PlotHost Well-Known Member

    Joined:
    Apr 29, 2011
    Messages:
    255
    Likes Received:
    2
    Trophy Points:
    68
    Location:
    US
    cPanel Access Level:
    Root Administrator
    Twitter:
    If the IPs are blocked by the same rule - like [id "960901"] - you can disable the rule.
    You should also install configserver.com/cp/cmc.html
     
    #2 PlotHost, Oct 7, 2012
  3. kpmedia

    kpmedia Well-Known Member

    Joined:
    Feb 13, 2011
    Messages:
    86
    Likes Received:
    0
    Trophy Points:
    56
    Location:
    USA, Europe
    cPanel Access Level:
    Root Administrator
    Are you 100% sure those are "good IPs" and not simply UK IPs that you hope/think are good?

    Because the response is quite clear: the post contained invalid characters (according to the rule). Don't assume all UK traffic is good simply because it's from UK. That would be a mistake on your part.
     
    #3 kpmedia, Oct 7, 2012
(You must log in or sign up to post here.)
Loading...
Similar Threads - mod_security issue blocking
  1. Sametto Chan

    What is different mod_security and mod_security2?

    Sametto Chan, Aug 8, 2017, in forum: EasyApache
    Replies:
    3
    Views:
    83
    Sametto Chan
    Aug 8, 2017
  2. Jasleen

    Mod_Security with CRS

    Jasleen, May 30, 2017, in forum: Security
    Replies:
    9
    Views:
    202
    fuzzylogic
    May 31, 2017
  3. Nirjonadda

    Mod_Security Vendors

    Nirjonadda, Apr 16, 2017, in forum: Security
    Replies:
    3
    Views:
    261
    Nirjonadda
    Apr 17, 2017
  4. stevenvsi

    Unable to disable mod_security per domain in user interface

    stevenvsi, Apr 11, 2017, in forum: Security
    Replies:
    9
    Views:
    395
    cPanelMichael
    Apr 11, 2017
  5. caisc

    Mod_Security rule to mitigate constant GET and POST request attack

    caisc, Feb 25, 2017, in forum: Security
    Replies:
    6
    Views:
    355
    quizknows
    Mar 7, 2017

Share This Page