Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

mod_security issue blocking good ip's

Discussion in 'Security' started by Cloud9, Oct 6, 2012.

  1. Cloud9

    Cloud9 Active Member

    Joined:
    Sep 17, 2012
    Messages:
    37
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    Root Administrator
    Hi

    On my server i have mod_security with the default config file installed and csf firewall

    I am getting around 6-10 good UK Ips being blocked by csf through mod_security

    Can anyone tell me why they are being blocked and what i can do to edit the config to fix this ?

    Here is the csf block

    IP ADDY HERE # lfd: (mod_security) mod_security triggered by IP ADDY HERE (GB/United Kingdom/-): 5 in the last 300 secs - Fri Oct 5 07:31:44 2012

    And here is the apache log

    [Fri Oct 05 07:30:58 2012] [error] [client IP ADDY HERE] ModSecurity: Access denied with code 406 (phase 2). Found 1 byte(s) in ARGS:pages[template] outside range: 1-255. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "34"] [id "960901"] [msg "Invalid character in request"] [severity "WARNING"] [hostname "MY WEB URL"] [uri "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"] [unique_id "UG5@ok31RAUAABwqDvUAAAAJ"]

    Any thoughts and advice appreciated
     
  2. PlotHost

    PlotHost Well-Known Member

    Joined:
    Apr 29, 2011
    Messages:
    255
    Likes Received:
    2
    Trophy Points:
    68
    Location:
    Romania
    cPanel Access Level:
    Root Administrator
    Twitter:
    If the IPs are blocked by the same rule - like [id "960901"] - you can disable the rule.
    You should also install configserver.com/cp/cmc.html
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. kpmedia

    kpmedia Well-Known Member

    Joined:
    Feb 13, 2011
    Messages:
    87
    Likes Received:
    1
    Trophy Points:
    56
    Location:
    USA, Europe
    cPanel Access Level:
    Root Administrator
    Are you 100% sure those are "good IPs" and not simply UK IPs that you hope/think are good?

    Because the response is quite clear: the post contained invalid characters (according to the rule). Don't assume all UK traffic is good simply because it's from UK. That would be a mistake on your part.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice