mod_security issue blocking good ip's

Cloud9

Well-Known Member
Sep 17, 2012
60
1
58
UK
cPanel Access Level
Root Administrator
Hi

On my server i have mod_security with the default config file installed and csf firewall

I am getting around 6-10 good UK Ips being blocked by csf through mod_security

Can anyone tell me why they are being blocked and what i can do to edit the config to fix this ?

Here is the csf block

IP ADDY HERE # lfd: (mod_security) mod_security triggered by IP ADDY HERE (GB/United Kingdom/-): 5 in the last 300 secs - Fri Oct 5 07:31:44 2012

And here is the apache log

[Fri Oct 05 07:30:58 2012] [error] [client IP ADDY HERE] ModSecurity: Access denied with code 406 (phase 2). Found 1 byte(s) in ARGS:pages[template] outside range: 1-255. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "34"] [id "960901"] [msg "Invalid character in request"] [severity "WARNING"] [hostname "MY WEB URL"] [uri "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"] [unique_id "[email protected]"]

Any thoughts and advice appreciated
 

kpmedia

Well-Known Member
Feb 13, 2011
87
1
58
USA, Europe
cPanel Access Level
Root Administrator
Are you 100% sure those are "good IPs" and not simply UK IPs that you hope/think are good?

Because the response is quite clear: the post contained invalid characters (according to the rule). Don't assume all UK traffic is good simply because it's from UK. That would be a mistake on your part.