Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Modsecurity Tools hitlist is empty / not working

Discussion in 'Security' started by menathor, Apr 30, 2018.

  1. menathor

    menathor Registered

    Joined:
    Apr 5, 2016
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Australia
    cPanel Access Level:
    Website Owner
    Hi guys

    For some reason my WHM -> "Modsecurity Tools" hitlist is not working / always empty. I know modsecurity is working because hits are recorded correctly in /usr/local/apache/logs/modsec_audit.log. I don't run any WAF apps- all my rules are installed via WHM -> "Modsecurity Vendors". I've tried rules from multiple vendors and same result- they work, are logged in modsec_audit.log but the hitlist doesn't work.

    Any ideas on how I could fix this?

    Cheers!
     
  2. cPanelLauren

    cPanelLauren Forums Analyst
    Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    966
    Likes Received:
    67
    Trophy Points:
    103
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Hello @menathor

    This could caused by a few things. If you're able to access the server via CLI can you please run the following and provide me with the output?

    Code:
    grep skipmodseclog /var/cpanel/cpanel.config
    
    Code:
    grep -i modsec_audit /usr/local/cpanel/logs/tailwatchd_log |tail -n5
    
    Where is the Audit log being output to (i.e. where are you finding it)

    Is there data in /usr/local/apache/conf/modsec2.user.conf
     
Loading...

Share This Page