Possible bug in Mod Security.

speckados

speckados

Well-Known Member
May 21, 2003
355
2
168
Els Ibarsos :: Comunitat Valenciana :: España
cPanel Access Level
DataCenter Provider
Twitter
hi.

I don't see version of mos Security on latest RELEASe of WHM/Cpanel.

But there a problem with rules added

Can't use IP addresses in rules

Your using an a buggy version of modsecurity, 2.8.0. 2.8.0 has a known critical bug where it can not use IP addresses in rules as documented at the URL below:

https://www.atomicorp.com/wiki/index.php/Atomicorp_WAF_Rules_Troubleshooting#Specific_Errors

How i can to know version of my mod_Security installation?

Apreciate help.
 
Q

quizknows

Well-Known Member
Oct 20, 2009
1,008
87
78
cPanel Access Level
DataCenter Provider
To know the exact version, run;

Code: 
httpd stop ; httpd start
then check your Apache error_log, it will show the version in use:

Code: 
tail -n 1000 /usr/local/apache/logs/error_log |grep modsec
Code: 
[Fri Jun 06 16:25:29.001994 2014] [:notice] [pid 17604] ModSecurity for Apache/2.8.0 ([url=http://www.modsecurity.org/]ModSecurity: Open Source Web Application Firewall[/url]) configured.
 
You must log in or register to reply here.
Thread starter Similar threads Forum Replies Date
C Possible Bug: TLS 1.3 not available with NGINX Security 3
suatkocabas log has a uid 0 account - Possible hack detected. Security 6
durangod Possible bug using google authentication Security 2
A Possible bug with cPHulk Brute Force Protection Security 20
T Possible security bug? Security 1
Similar threads
Possible Bug: TLS 1.3 not available with NGINX
log has a uid 0 account - Possible hack detected.
Possible bug using google authentication
Possible bug with cPHulk Brute Force Protection
Possible security bug?
Top Bottom