Any hint how to debug modsecurity issues?

I have run my installation for some months without any issues. CP with OpenLiteSpeed and modsecurity.

Yesterday I figured out that my web traffic has been reduced a lot for 5 days. And I had the issue that I couldn't connect to some of my hosted domains.

After some testing I figured out that modsecurity blocks connections.

If I disable modsecurity, everything works again. If I start it again, everything runs fine for about 1 or 2 hours. And suddenly everything gets blocked.

So my question: Can anyone give me a hint how to solve such a problem?

I need to figure out what is triggering which rule and why.

And: Where are the blocks? iptables?

How can I do this?

Best regards,
Kai

Hi,

You can check the blocked rules in the log file

/usr/local/lsws/logs/error.log

If you need to whitelist any rules,

you can add an entry in the file
/usr/local/lsws/conf/httpd_config.conf just before the entries of the mod_sec include files

SecRuleRemoveById 980130
SecRuleRemoveById 980132
SecRuleRemoveById 980145

like this

The best way is to add a custom conf and add the entries there.
Add a line after ‘SecRuleEngine On’ as follows

modsecurity_rules_file /usr/local/lsws/conf/modsec/custom.conf

and add IDs that need to be excluded as above and restart …
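
To see which rule fires, how often, and for which site before excluding anything, the rule hits in the error log named above can be tallied by rule ID. This is an added example, not code from the thread or from the OpenLiteSpeed project; it assumes the log lines carry ModSecurity's `[id "..."]`, `[msg "..."]`, `[hostname "..."]` and `[uri "..."]` tags, and the sample lines are constructed.

```python
import re
import sys
from collections import defaultdict
from pathlib import Path

# ModSecurity appends rule metadata as [key "value"] tags. The text in front
# of the tags differs between servers, so only the tags are parsed here.
TAG = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')

# Constructed sample lines, not real log output: the line prefix, rule ids and
# messages are invented; the hostnames use the reserved example.com domain.
SAMPLE_LOG = """\
2024-01-01 10:00:01 [INFO] ModSecurity: Warning. [file "a.conf"] [id "100001"] [msg "Constructed rule A"] [hostname "shop.example.com"] [uri "/wp-cron.php"]
2024-01-01 10:00:02 [INFO] ModSecurity: Warning. [file "a.conf"] [id "100001"] [msg "Constructed rule A"] [hostname "blog.example.com"] [uri "/wp-cron.php"]
2024-01-01 10:00:03 [NOTICE] unrelated server message without rule tags
2024-01-01 10:00:04 [INFO] ModSecurity: Access denied. [file "b.conf"] [id "100002"] [msg "Constructed rule B"] [tag "x"] [tag "y"] [hostname "shop.example.com"] [uri "/index.php"]
"""

def summarize(lines):
    """Group rule hits by id: hit count, message, affected hosts and URIs."""
    rules = defaultdict(lambda: {"count": 0, "msg": "", "hosts": set(), "uris": set()})
    for line in lines:
        tags = {}
        for key, value in TAG.findall(line):
            tags.setdefault(key, value)  # [tag "..."] repeats; keep the first
        if "id" not in tags:
            continue  # not a rule hit
        entry = rules[tags["id"]]
        entry["count"] += 1
        entry["msg"] = tags.get("msg", entry["msg"])
        if "hostname" in tags:
            entry["hosts"].add(tags["hostname"])
        if "uri" in tags:
            entry["uris"].add(tags["uri"])
    return dict(rules)

def report(rules):
    """One line per rule id, most frequent first."""
    ranked = sorted(rules.items(), key=lambda item: (-item[1]["count"], item[0]))
    return [
        f'{rid} x{r["count"]} "{r["msg"]}" hosts={sorted(r["hosts"])} uris={sorted(r["uris"])}'
        for rid, r in ranked
    ]

if __name__ == "__main__":
    # Pass the log path from the answer above; without one, the sample is used.
    text = Path(sys.argv[1]).read_text(errors="replace") if len(sys.argv) > 1 else SAMPLE_LOG
    print("\n".join(report(summarize(text.splitlines()))))
```

A rule ID that tops the list for ordinary requests to one's own sites is the candidate to review for an exclusion entry in the custom conf file.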

Hi Maxin,

Thanks for the help. It works perfectly for me!