Possible bug in Mod Security.

speckados

Well-Known Member
hi.

I don't see version of mos Security on latest RELEASe of WHM/Cpanel.

But there a problem with rules added

Can't use IP addresses in rules

Your using an a buggy version of modsecurity, 2.8.0. 2.8.0 has a known critical bug where it can not use IP addresses in rules as documented at the URL below:

https://www.atomicorp.com/wiki/index.php/Atomicorp_WAF_Rules_Troubleshooting#Specific_Errors

How i can to know version of my mod_Security installation?

Apreciate help.
 

quizknows

Well-Known Member
Oct 20, 2009
1,008
87
78
cPanel Access Level
DataCenter Provider
To know the exact version, run;

Code:
httpd stop ; httpd start
then check your Apache error_log, it will show the version in use:

Code:
tail -n 1000 /usr/local/apache/logs/error_log |grep modsec
Code:
[Fri Jun 06 16:25:29.001994 2014] [:notice] [pid 17604] ModSecurity for Apache/2.8.0 ([url=http://www.modsecurity.org/]ModSecurity: Open Source Web Application Firewall[/url]) configured.