Search found 4 matches

by nbeernink
14 Dec 2016, 14:17
Forum: General Discussion (csf)
Topic: Custom REGEX rules for CSF.
Replies: 56
Views: 64494

Re: Custom REGEX rules for CSF.

@sergio:
I don't know, something like this? REGEX to block IPs that triggered via COMODO-WAF modsecurity in DirectAdmin Custombuild 2.0
by nbeernink
13 Dec 2016, 14:12
Forum: General Discussion (csf)
Topic: Custom REGEX rules for CSF.
Replies: 56
Views: 64494

Re: Custom REGEX rules for CSF.

Perhaps the regex we shared in DirectAdmin modsecurity denials not blocked by CSF/LFD can be added to this sticky? Hope it's useful to someone!
by nbeernink
13 Dec 2016, 14:10
Forum: General Discussion (csf)
Topic: DirectAdmin modsecurity denials not blocked by CSF/LFD
Replies: 2
Views: 2975

Re: DirectAdmin modsecurity denials not blocked by CSF/LFD

Okay, the situation was rather pressing so we came up with the following regex for our use-case: #mod_security v2 (apache on DirectAdmin host) if (($config{LF_MODSEC}) and ($globlogs{MODSEC_LOG}{$lgfile}) and ($line =~ /^\[\S+ \S+ \S+ \S+ \S+\] \[(\w*)?:error\] (\[pid \d+(:tid \d+)\]) \[client \S+:\...
by nbeernink
07 Dec 2016, 16:35
Forum: General Discussion (csf)
Topic: DirectAdmin modsecurity denials not blocked by CSF/LFD
Replies: 2
Views: 2975

DirectAdmin modsecurity denials not blocked by CSF/LFD

I have a bunch of DirectAdmin servers that have modsecurity installed through custombuild 2.0. I can't get CSF to block the denials by modsecurity and would appreciate some help with this. Modsecurity is working according to the audit log but some of the attacks are rather heavy and blocking in the ...