litespeed+mod_security error_log hostname issue

Discussion in 'Apache Migration/Compatibility' started by Hamid, Oct 13, 2018 at 10:00 AM.

  1. Hamid

    Hamid New Member

    Hi dear friends
    i have a problem when i switch to litespeed
    here is apache webserver + mod_security error log (which help me grep target domain in error_log to find the issue in simple way)
    Code:
    [:error][client 87.107.xxx.xxx] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<[a-z0-9]{6}>" at ARGS:emailglobalheader. [file "/var/cpanel/cwaf/rules/02_Global_Generic.conf"] [line "303"] [id "211310"] [rev "1"] [msg "COMODO WAF: XSS vulnerability"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "MY_DOMAIN"] [uri "/admin/configgeneral.php"] [unique_id "W8DOEZHqAC6q7V3BpaMNVQAAAEM"], referer: https://MY_DOMAIN/admin/configgeneral.php?nocache=ZpelEI30vO501102
    but here is same error when using litepeed + mod_security (you can see it does not include hostname or etc which shows what does this error belongs to!?!!
    Code:
    [NOTICE] [87.107.xxx.xxx:1129:HTTP2-67] mod_security rule [Id '211310'] triggered!
    [modsecurity] [Fri Oct 12 18:37:16 2018] [error] [client 87.107.xxx.xxx] ModSecurity: Access denied with code 403, [Rule: 'ARGS|ARGS_NAMES|REQUEST_URI|REQUEST_HEADERS:User-Agent|REQUEST_COOKIES|REQUEST_COOKIES_NAMES|XML:/*|!ARGS:/body/|!ARGS:/content/|!ARGS:/description/|!ARGS:post|!ARGS:desc|!ARGS:html_message|!ARGS:text|!REQUEST_COOKIES:/__utm/|!REQUEST_COOKIES:/_pk_ref/' '@rx <[a-z0-9]{6}>'] [id "211310"] [rev "1"] [msg "COMODO WAF: XSS vulnerability"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"]
    [NOTICE] [87.107.xxx.xxx:1129:HTTP2-67] Content len: 15147, Request line: 'POST /admin/configgeneral.php?action=save HTTP/1.1'
    so i need help to find setting which create logs same as apache with referer domain i tried changing admin console log levels etc,,, but it does not make change!
     
    Last edited by a moderator: Oct 15, 2018 at 2:08 PM

Share This Page