Kais
1
I have been running my installation for some months without any issues. CP with OpenLiteSpeed and ModSecurity.
Yesterday I figured out that my web traffic had been reduced a lot for 5 days. And I had the issue that I couldn't connect to some of my hosted domains.
After some testing I figured out that ModSecurity blocks connections.
If I disable ModSecurity, everything works again. If I start it again, everything runs fine for about 1 or 2 hours. And suddenly everything gets blocked.
So my question: Can anyone give me a hint how to solve such a problem?
I need to figure out what is triggering which rule and why.
And: Where are the blocks? iptables?
How can I do this?
Best regards,
Kai
maxin
2
Hi,
you can check the blocked rules in the log file
/usr/local/lsws/logs/error.log
If you need to whitelist any rules,
you can add an entry in the file
/usr/local/lsws/conf/httpd_config.conf just before the entries of the mod_sec include files
SecRuleRemoveById 980130
SecRuleRemoveById 980132
SecRuleRemoveById 980145
like this
The best way is to add a custom conf and add the entries there.
Add a line after ‘SecRuleEngine On’ as follows:
modsecurity_rules_file /usr/local/lsws/conf/modsec/custom.conf
and add the IDs that need to be excluded as above and restart …
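To see which rule fires on which URL before excluding anything, the ModSecurity entries in the error log can be summarized per rule ID and per request. The script below is an added example, not part of the original posts; the sample lines are constructed, the text before "ModSecurity:" is an assumed prefix, the function names are hypothetical, and it assumes the entries carry the usual `[id "…"]`, `[msg "…"]`, `[uri "…"]` and `[unique_id "…"]` fields.

```python
import re
from collections import Counter, defaultdict

FIELD = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')

# Constructed sample lines, not from a real server. The prefix before
# "ModSecurity:" is an assumption; only the [key "value"] fields are parsed.
def _sample(rule_id, msg, uri, uid):
    return (f'2024-01-10 10:00:00 [INFO] [203.0.113.7#example.com] ModSecurity: Warning. '
            f'[id "{rule_id}"] [msg "{msg}"] [uri "{uri}"] [unique_id "{uid}"]')

SAMPLE_LOG = "\n".join([
    _sample("942100", "SQL Injection Attack Detected via libinjection", "/search.php", "req-1"),
    _sample("949110", "Inbound Anomaly Score Exceeded (Total Score: 5)", "/search.php", "req-1"),
    _sample("942100", "SQL Injection Attack Detected via libinjection", "/search.php", "req-2"),
    _sample("949110", "Inbound Anomaly Score Exceeded (Total Score: 5)", "/search.php", "req-2"),
    _sample("920350", "Host header is a numeric IP address", "/", "req-3"),
    "2024-01-10 10:00:00 [NOTICE] server restarted",  # non-ModSecurity line, skipped
])

def parse_line(line):
    """Return the ModSecurity fields of one log line, or None if it has no rule id."""
    _, marker, rest = line.partition("ModSecurity:")
    if not marker:
        return None
    fields = {}
    for key, value in FIELD.findall(rest):
        fields.setdefault(key, value)  # keep the first occurrence; tags repeat
    return fields if "id" in fields else None

def rule_hits(log_text):
    """Count log entries per (rule id, message, uri)."""
    hits = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec:
            hits[(rec["id"], rec.get("msg", ""), rec.get("uri", ""))] += 1
    return hits

def rules_per_request(log_text):
    """Group rule ids by unique_id to see which rules fired on the same request."""
    grouped = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and "unique_id" in rec:
            grouped[rec["unique_id"]].append(rec["id"])
    return dict(grouped)

if __name__ == "__main__":
    for (rid, msg, uri), n in rule_hits(SAMPLE_LOG).most_common():
        print(f"{n:4d}  {rid}  {uri}  {msg}")
```

To run it against the server's log, pass the contents of /usr/local/lsws/logs/error.log to `rule_hits()` and `rules_per_request()` instead of `SAMPLE_LOG`.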
Kais
3
Hi Maxin,
thanks for the help. It works perfect for me!