ConfigServer Community Forum

@Between brain: I just learned that it was not apache but the browsers who did gave the unauthorized notice after 3 attempts. Since some time the browsers changed this and just keep presenting the login screen. Which ofcourse is a bad idea because this can be abused for bruteforcing. @Admin: Hopeful...

Does it stop after 3 attempts on nginx? Or can you keep on going trying to put various usernames in there?
There should be an authentication error after 3 attempts if all was working as it should be, correct?

This might be due to changes in Apache. Normally when I used a faulty user, I could only try 3 times before getting an error notice. Now on a cpanel server, I see this in the error log: [Tue Feb 25 16:40:10 2014] [error] [client 84.26.xxx.xxx] user dkdk not found: /test/closedir/ Just like the logfi...

Thank you, that explains it.
Is it possible to define the same logfile in LF_HTACCESS and CUSTOMx_log if needed?

Thanks for sharing!

Can it be confirmed if this is a bug or not please?

I'm just using the new option for using wildcards in logs as followed: HTACCESS_LOG = "/var/log/httpd/error_log /var/log/httpd/domains/*.error.log" Now we have a regexp.custom.pm like this: if (($config{LF_HTACCESS}) and ($lgfile eq $config{HTACCESS_LOG}) and ($line =~ /^\[\S+\s+\S+\s+\S+\...

Ah oke. I thought lfd -r would do that too, used it several times, but did not check the log though. That would explain some things to me.

However, when it's not intended, why his this -r option present and doing something in lfd?
And wouldn't this be a nice feature?

When I use /etc/rc.d/init.d/csf restart it says that I should use csf -r. That works oke. However, normally you often also should restart LFD and that worked before (if I'm not mistaken) with lfd -r too. This does not work anymore, if you do a lfd -r to restart lfd, you get the following error notic...

It's better to use the multiple HTACCESS logs then changing the user's httpd.conf files for a couple of reasons. 1.) If you change the log, a user can't view his domains error logs anymore. That's no problem if you're the only user on a VPS or something, but certainly not advisable for hosting compa...