I am experiencing an issue where my ModSecurity module does not appear to be loading or functioning correctly on my LiteSpeed server, even though it is enabled in the CyberPanel GUI.
Problem Details
ModSecurity and OWASP CRS are Enabled in the GUI configuration.
However, all security tests (e.g., trying to access specific endpoints with known attack strings) result in a 200 OK (normal page load) instead of the expected 403 Forbidden response.
The ModSecurity audit log (/usr/local/lsws/logs/modsec_audit.log) does not exist, indicating the module might not be loading at all.
I have already performed a server reboot and updated CyberPanel to the latest version, but the issue persists.
Request
Could you please assist me in diagnosing why the ModSecurity module is not being initialized by the LiteSpeed web server? I suspect there might be a configuration or environment issue preventing the module from loading correctly.
will be very glad. My website went down becasue of the mod security error. All this is on hte latest cyberpanel github upgrade. below is the error message on all websites hosted on the vps. the minute i disable modsecurity from cyberpanel dashboard. everything becomes smooth sail.
@usmannasir I’m facing the same issue — it’s not blocking requests even when testing with something like: https://your-domain.com/?test=<script>alert(1)</script
It doesn’t get blocked.
I then updated the server to Ubuntu 24 LTS and tried installing CyberPanel, but the installation failed because IPv6 was enabled. After rebuilding the server and disabling IPv6, the installation completed successfully — that was the first issue I had to resolve.
After that, I installed ModSecurity. When I checked the logs, there was no log file, so I manually created: /usr/local/lsws/logs/auditmodsec.log
Now the toggle option in the UI works, but it’s still not blocking or banning any IPs. Can you guide how to fix it ?
Problem Details
Request