ModSecurity : collections_remove_stale: Failed deleting collection cpanel

M

migarcia

Well-Known Member
Nov 16, 2012
53
0
6
Barcelona
cPanel Access Level
Website Owner
Elmensajecompleto es este: [Mon Apr 20 12:42:39 2015] [error] [client 85.50.141.200] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "83.52.161.53_d5f8b32725126c86e6aea8241ca0936c5822cfa2"): Internal error [hostname "trapillomarket.es"] [uri "/tienda/themes/trapillomarket/img/bg_bt.gif"] [unique_id "VTTYHi5pFPYAADvkRo4AAAAI"]

Lo primero que no entiendo, es porque aparecen dos direcciones IP, pero a partir de este mensaje, aparecen una coleccion de errores que terminan ineludiblemente en que CSF & LFD me termine bloqueando la IP del cliente.

He estado leyendo en Google, y parece que existe un bug en alguna de las reglas de ModSecurity, loque no veo es como puedo desactivar las reglas problematicas desde WHM
Adjunto el fichero ErrorLog de apache para la IP afectada
 

Attachments

cPanelMichael

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,880
2,258
463
Hello,

I noticed the following in the log output you provided:

Code: 
[Fri Apr 17 18:59:55 2015] [error] [client 83.52.161.53] ModSecurity: Access denied with redirection to http://trapillomarket.es/ using status 302 (phase 4). Pattern match "^5\\\\d{2}$" at RESPONSE_STATUS. [file "/usr/local/apache/conf/modsec_vendor_configs/OWASP/rules/RESPONSE-50-DATA-LEAKAGES.conf"] [line "14"] [id "970901"] [rev "3"] [msg "The Application Returned a 500-Level Status Code"] [data "Matched Data: 500 found within RESPONSE_STATUS: 500"] [severity "ERROR"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "Host: domain.es"] [tag "WASCTC/WASC-13"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.6"] [hostname "domain.es"] [uri "/tienda/index.php"] [unique_id "VTE8Ci5pFPYAAA77NSIAAAAK"]
You can disable specific rules (e.g. 970901) for Mod_Security via:

"WHM Home » Security Center » Hits List"

Thank you.

Translation:

Hola,

Me di cuenta de lo siguiente en la salida del registro que ya ha proporcionado:

Code: 
[Fri Apr 17 18:59:55 2015] [error] [client 83.52.161.53] ModSecurity: Access denied with redirection to http://trapillomarket.es/ using status 302 (phase 4). Pattern match "^5\\\\d{2}$" at RESPONSE_STATUS. [file "/usr/local/apache/conf/modsec_vendor_configs/OWASP/rules/RESPONSE-50-DATA-LEAKAGES.conf"] [line "14"] [id "970901"] [rev "3"] [msg "The Application Returned a 500-Level Status Code"] [data "Matched Data: 500 found within RESPONSE_STATUS: 500"] [severity "ERROR"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "Host: domain.es"] [tag "WASCTC/WASC-13"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.6"] [hostname "domain.es"] [uri "/tienda/index.php"] [unique_id "VTE8Ci5pFPYAAA77NSIAAAAK"]
Puede desactivar reglas específicas (por ejemplo, 970901) para mod_security través de:

"Centro de WHM Inicio» Seguridad »Accesos Lista"

Gracias.
 
cPanelMichael

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,880
2,258
463
I am happy to see that information was helpful. Thank you for updating us with the outcome.

Translation:

Estoy feliz de ver que la información era útil. Gracias por la actualización con el resultado que usted.
 
You must log in or register to reply here.
Thread starter Similar threads Forum Replies Date
M ModSecurity y Google Discusión en Español 4
P ModSecurity Discusión en Español 5
Similar threads
ModSecurity y Google
ModSecurity
Top Bottom