Issue/bug with AlmaLinux 9 mod_http2 CSF and mod_security?

This forum is only for reproducible bugs with csf and lfd (i.e. not iptables problems, lack of understanding how to use a feature, etc). Posts must be accompanied with full technical details of the problem and how it can be recreated. Any posts not adhering to this, or not considered bugs, will be moved to the General Discussion (csf) forum.
Post Reply
nufanweb
Junior Member
Posts: 2
Joined: 12 Apr 2024, 03:28

Issue/bug with AlmaLinux 9 mod_http2 CSF and mod_security?

Post by nufanweb »

OS AlmaLinux v9.3.0 STANDARD
cPanel Version 118.0.4
CSF: 14.20

Notable modules:
mod_remoteip (cloudflare)
mod_http2-2.4.59-1.1.1.cpanel.x86_6

First, I appreciate all the hard work the team puts into this software.

Recently setup a fresh cPanel server and I noticed that the firewall wasn't blocking repeated mod security hits, despite configuring LF_MODSEC with a low threshold (2). The CSF Cloudflare firewall also wasn't functioning properly.

CSF seemed to be ignoring mod security in the lfd log, despite the mod security hits appearing in the Apache error log.

After a lot of troubleshooting, I discovered that the issue appears to arise when mod_http2 is enabled.

Upon running EasyApache and removing mod_http2, the CSF firewall started functioning as expected and blocking repeated mod security hits, the Cloudflare firewall in CSF also started working.

I repeated the process of installing and removing mod_http2 several times, and it appeared to be somehow related to mod_http2.

I searched around but couldn’t find any additional info so not sure if this is related specifically to AlmaLinux v9, etc. If this isn't a bug please move to the correct forum.

Again, appreciate all the hard work the team puts into this software!
MohammadNehme1
Junior Member
Posts: 2
Joined: 16 Sep 2024, 20:19

Re: Issue/bug with AlmaLinux 9 mod_http2 CSF and mod_security?

Post by MohammadNehme1 »

Hello
did you get anywhere with this ?
Im running similar setup and im facing a similar problem .
Post Reply