ModSecurity : collections_remove_stale: Failed deleting collection cpanel

migarcia

cPanel Access Level
Website Owner
The complete message is this: [Mon Apr 20 12:42:39 2015] [error] [client 85.50.141.200] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "83.52.161.53_d5f8b32725126c86e6aea8241ca0936c5822cfa2"): Internal error [hostname "trapillomarket.es"] [uri "/tienda/themes/trapillomarket/img/bg_bt.gif"] [unique_id "VTTYHi5pFPYAADvkRo4AAAAI"]

The first thing I don't understand is why two IP addresses appear, but starting from this message a series of errors appears that inevitably ends with CSF & LFD blocking the client's IP.

I have been reading on Google, and it seems there is a bug in one of the ModSecurity rules. What I can't see is how to disable the problematic rules from WHM.
I am attaching the Apache ErrorLog file for the affected IP.
 


cPanelMichael

Administrator
Staff member
Hello,

I noticed the following in the log output you provided:

Code:
[Fri Apr 17 18:59:55 2015] [error] [client 83.52.161.53] ModSecurity: Access denied with redirection to http://trapillomarket.es/ using status 302 (phase 4). Pattern match "^5\\\\d{2}$" at RESPONSE_STATUS. [file "/usr/local/apache/conf/modsec_vendor_configs/OWASP/rules/RESPONSE-50-DATA-LEAKAGES.conf"] [line "14"] [id "970901"] [rev "3"] [msg "The Application Returned a 500-Level Status Code"] [data "Matched Data: 500 found within RESPONSE_STATUS: 500"] [severity "ERROR"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "Host: domain.es"] [tag "WASCTC/WASC-13"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.6"] [hostname "domain.es"] [uri "/tienda/index.php"] [unique_id "VTE8Ci5pFPYAAA77NSIAAAAK"]
You can disable specific rules (e.g. 970901) for Mod_Security via:

"WHM Home » Security Center » Hits List"

Thank you.

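The following Python is an added example, not part of the original posts and not cPanel's code. It parses error_log lines in the layout quoted above, counts "Access denied" hits per rule id so the rule to review (970901 in this thread) stands out, and lists collections_remove_stale errors with the [client] address beside the collection key. The sample log is constructed with placeholder addresses, hostnames and hash, and the function names are hypothetical.

```python
import re

# Constructed sample in the Apache error_log layout quoted in this thread.
# Addresses, host and hash are placeholders; 970901 is the rule id from the reply.
SAMPLE_LOG = r"""
[Mon Apr 20 12:42:39 2015] [error] [client 198.51.100.7] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "192.0.2.10_0000000000000000000000000000000000000000"): Internal error [hostname "shop.example"] [uri "/img/bg.gif"] [unique_id "AAAAAAAAAAAAAAAAAAAAAAA1"]
[Fri Apr 17 18:59:55 2015] [error] [client 192.0.2.10] ModSecurity: Access denied with redirection to http://shop.example/ using status 302 (phase 4). Pattern match "^5\\\\d{2}$" at RESPONSE_STATUS. [file "/rules/RESPONSE-50-DATA-LEAKAGES.conf"] [line "14"] [id "970901"] [msg "The Application Returned a 500-Level Status Code"] [severity "ERROR"] [hostname "shop.example"] [uri "/tienda/index.php"] [unique_id "AAAAAAAAAAAAAAAAAAAAAAA2"]
[Fri Apr 17 19:00:02 2015] [error] [client 192.0.2.10] ModSecurity: Access denied with redirection to http://shop.example/ using status 302 (phase 4). Pattern match "^5\\\\d{2}$" at RESPONSE_STATUS. [file "/rules/RESPONSE-50-DATA-LEAKAGES.conf"] [line "14"] [id "970901"] [msg "The Application Returned a 500-Level Status Code"] [severity "ERROR"] [hostname "shop.example"] [uri "/tienda/order.php"] [unique_id "AAAAAAAAAAAAAAAAAAAAAAA3"]
[Fri Apr 17 19:00:05 2015] [error] [client 192.0.2.10] File does not exist: /home/user/public_html/favicon.ico
"""

CLIENT_RE = re.compile(r'\[client ([^\]\s]+)\]')
FIELD_RE = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')   # [id "..."], [msg "..."], ...
STALE_RE = re.compile(r'collections_remove_stale: Failed deleting collection '
                      r'\(name "([^"]+)", key "([^"]+)"\)')

def parse_line(line):
    """Return a dict for a ModSecurity error_log line, None for anything else."""
    if "ModSecurity:" not in line:
        return None
    client = CLIENT_RE.search(line)
    fields = dict(FIELD_RE.findall(line))   # a repeated [tag] keeps only the last value
    stale = STALE_RE.search(line)
    return {
        "client": client.group(1) if client else None,
        "rule_id": fields.get("id"),
        "msg": fields.get("msg"),
        "uri": fields.get("uri"),
        "denied": "Access denied" in line,
        "stale_key": stale.group(2) if stale else None,
    }

def denials_by_rule(log_text):
    """Rule id -> message, hit count, clients and URIs, from 'Access denied' lines."""
    rules = {}
    for ev in filter(None, map(parse_line, log_text.splitlines())):
        if ev["denied"] and ev["rule_id"]:
            r = rules.setdefault(ev["rule_id"], {"msg": ev["msg"], "count": 0,
                                                 "clients": set(), "uris": set()})
            r["count"] += 1
            r["clients"].add(ev["client"])
            r["uris"].add(ev["uri"])
    return rules

def stale_collection_errors(log_text):
    """(client, key) pairs: [client] is the request served, key the stored record."""
    return [(ev["client"], ev["stale_key"])
            for ev in filter(None, map(parse_line, log_text.splitlines()))
            if ev["stale_key"]]
```

On the sample, `denials_by_rule` reports rule 970901 twice for one client, and `stale_collection_errors` shows that the [client] field and the address inside the collection key are separate values that need not match.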
 

cPanelMichael

Administrator
Staff member
I am happy to see that information was helpful. Thank you for updating us with the outcome.

 