Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

mod_security issue blocking good ip's

Discussion in 'Security' started by Cloud9, Oct 6, 2012.

  1. Cloud9

    Cloud9 Active Member

    Joined:
    Sep 17, 2012
    Messages:
    37
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    Root Administrator
    Hi

    On my server i have mod_security with the default config file installed and csf firewall

    I am getting around 6-10 good UK Ips being blocked by csf through mod_security

    Can anyone tell me why they are being blocked and what i can do to edit the config to fix this ?

    Here is the csf block

    IP ADDY HERE # lfd: (mod_security) mod_security triggered by IP ADDY HERE (GB/United Kingdom/-): 5 in the last 300 secs - Fri Oct 5 07:31:44 2012

    And here is the apache log

    [Fri Oct 05 07:30:58 2012] [error] [client IP ADDY HERE] ModSecurity: Access denied with code 406 (phase 2). Found 1 byte(s) in ARGS:pages[template] outside range: 1-255. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "34"] [id "960901"] [msg "Invalid character in request"] [severity "WARNING"] [hostname "MY WEB URL"] [uri "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"] [unique_id "UG5@ok31RAUAABwqDvUAAAAJ"]

    Any thoughts and advice appreciated
     
    #1 Cloud9, Oct 6, 2012
  2. PlotHost

    PlotHost Well-Known Member

    Joined:
    Apr 29, 2011
    Messages:
    255
    Likes Received:
    2
    Trophy Points:
    68
    Location:
    Romania
    cPanel Access Level:
    Root Administrator
    Twitter:
    If the IPs are blocked by the same rule - like [id "960901"] - you can disable the rule.
    You should also install configserver.com/cp/cmc.html
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #2 PlotHost, Oct 7, 2012
  3. kpmedia

    kpmedia Well-Known Member

    Joined:
    Feb 13, 2011
    Messages:
    87
    Likes Received:
    1
    Trophy Points:
    56
    Location:
    USA, Europe
    cPanel Access Level:
    Root Administrator
    Are you 100% sure those are "good IPs" and not simply UK IPs that you hope/think are good?

    Because the response is quite clear: the post contained invalid characters (according to the rule). Don't assume all UK traffic is good simply because it's from UK. That would be a mistake on your part.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #3 kpmedia, Oct 7, 2012
(You must log in or sign up to post here.)
Loading...
Similar Threads - mod_security issue blocking
  1. subtopic

    New Thread OWASP mod_security breaking Wordpress page save

    subtopic, Sep 18, 2018 at 2:27 PM, in forum: Security
    Replies:
    0
    Views:
    31
    subtopic
    Sep 18, 2018 at 2:27 PM
  2. subtopic

    New Thread OWASP mod_security to help /tmp execution

    subtopic, Sep 18, 2018 at 12:32 PM, in forum: Security
    Replies:
    0
    Views:
    19
    subtopic
    Sep 18, 2018 at 12:32 PM
  3. Pratyush Rohilla

    SOLVED Error when installing mod_security via WHM >> EA4

    Pratyush Rohilla, Sep 16, 2018 at 9:05 AM, in forum: EasyApache
    Replies:
    1
    Views:
    21
    cPanelMichael
    Sep 17, 2018 at 12:21 PM
  4. ottdev

    cPanel's implementation of Mod_Security

    ottdev, Aug 8, 2018, in forum: Security
    Replies:
    2
    Views:
    135
    cPanelLauren
    Aug 10, 2018
  5. mehdix92

    Mod_Security blocking WordPress logins

    mehdix92, Jun 13, 2018, in forum: Security
    Replies:
    3
    Views:
    351
    cPanelMichael
    Jun 14, 2018

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...
    Dismiss Notice