LF_APACHE_404 Trigger not working

This forum is only for reproducible bugs with csf and lfd (i.e. not iptables problems, lack of understanding how to use a feature, etc). Posts must be accompanied with full technical details of the problem and how it can be recreated. Any posts not adhering to this, or not considered bugs, will be moved to the General Discussion (csf) forum.
Post Reply
marcele
Junior Member
Posts: 214
Joined: 17 Sep 2007, 17:02

LF_APACHE_404 Trigger not working

Post by marcele »

In my testing I wasn't able to get the LF_APACHE_404 login failure trigger to work. I'm not sure if this is just a Plesk server issue or if this bug applies to Cpanel servers too.

From the stackoverflow post below it looks like in Apache 2.4.1 the 404 error code was demoted from the core:error to core:info log level as 404 errors are not logged to the error_log by default unless you set LogLevel core:info in the apache config (I'm using a Plesk server to test).

https://stackoverflow.com/questions/365 ... -error-log

After setting LogLevel core:info in the apache config 404 errors are logged to the error log but the CSF regex doesn't match because the regex only matches core:error messages:

Old regex used by CSF

Code: Select all

^\[\S+\s+\S+\s+\S+\s+\S+\s+\S+\] \[(\S*:)?error\] (\[pid \d+(:tid \d+)?\] )?\[client (\S+)\] (\w+: )?File does not exist\:/
Fixed regex which will match both info and error

Code: Select all

^\[\S+\s+\S+\s+\S+\s+\S+\s+\S+\] \[(\S*:)?(?:error|info)\] (\[pid \d+(:tid \d+)?\] )?\[client (\S+)\] (\w+: )?File does not exist\:
Regex101 Test
https://regex101.com/r/Ic3NCp/1
ForumAdmin
Moderator
Posts: 1523
Joined: 01 Oct 2008, 09:24

Re: LF_APACHE_404 Trigger not working

Post by ForumAdmin »

Thank you for reporting this. We'll have a fix for it in the next release.
Post Reply