Author Topic: problem with version 1.13  (Read 253 times)

Offline okeycool

  • Newbie
  • *
  • Posts: 4
problem with version 1.13
« on: July 14, 2017, 09:58:32 AM »
Hello,

After updating to the last version, I have blocked IPs with rule id unknown; also, the rules 211190 and 210801 block the Google IPs and msnbot. This is an example:

181.66.75.22 # lfd: (mod_security) mod_security (id:unknown) triggered by 181.66.75.22 (PE/Peru/-): 5 in the last 3600 secs - Mon Jul 10 11:29:14 2017
130.211.222.188 # lfd: (mod_security) mod_security (id:211190) triggered by 130.211.222.188 (US/United States/188.222.211.130.bc.googleusercontent.com): 5 in the last 3600 secs - Mon Jul 10 20:53:17 2017

Regards.

Offline TDmitry

  • Head CWAF Rule Writing Team
  • Comodo's Hero
  • *****
  • Posts: 357
Re: problem with version 1.13
« Reply #1 on: July 14, 2017, 10:19:53 AM »
If you believe that mod_security blocks some user-agents which you think are safe, then you can add them to userdata_wl_agents to avoid triggering the 210800/210801 rules.

Offline okeycool

  • Newbie
  • *
  • Posts: 4
Re: problem with version 1.13
« Reply #2 on: July 14, 2017, 03:09:28 PM »
And how to resolve the rule id unknown?

Offline TDmitry

  • Head CWAF Rule Writing Team
  • Comodo's Hero
  • *****
  • Posts: 357
Re: problem with version 1.13
« Reply #3 on: July 17, 2017, 05:07:57 AM »
> And how to resolve the rule id unknown?
Can you provide logs for that event?

Offline okeycool

  • Newbie
  • *
  • Posts: 4
Re: problem with version 1.13
« Reply #4 on: July 18, 2017, 11:18:06 AM »
error_log
=======
2017-07-18 10:08:55.966 [NOTICE] [179.7.191.114:8058] mod_security rule [Id '-1'] triggered!
[Tue Jul 18 10:08:55 2017] [error] [client 179.7.191.114] ModSecurity: Access denied with code 403, [Rule: 'TX:0' '!@pmFromFile userdata_wl_content_type']
2017-07-18 10:08:55.966 [NOTICE] [179.7.191.114:8058] Content len: 0, Request line: 'POST /system-rating/admin/php/manager.php?id=45&i=Arthur%20y%20los%20Minimoys&ref=http%3A%2F%2Fwww.latinomovies.net%2Fpelicula%2F45%2Farthur-y-los-minimoys.html&rnd=313_320 HTTP/1.1'
2017-07-18 10:08:55.966 [INFO] [179.7.191.114:8058] Cookie len: 75, adb_1000179087=1; adb_1000200421=1; __dtsu=D9E9B66B88872D59F234F9660232929A
2017-07-18 10:08:55.966 [INFO] [179.7.191.114:8058] File not found [/home/latinomo/public_html/403.shtml]

2017-07-18 10:09:40.610 [NOTICE] [179.7.191.114:18063] mod_security rule [Id '-1'] triggered!
[Tue Jul 18 10:09:40 2017] [error] [client 179.7.191.114] ModSecurity: Access denied with code 403, [Rule: 'TX:0' '!@pmFromFile userdata_wl_content_type']
2017-07-18 10:09:40.610 [NOTICE] [179.7.191.114:18063] Content len: 0, Request line: 'POST /system-rating/admin/php/manager.php?id=45&i=Arthur%20y%20los%20Minimoys&ref=http%3A%2F%2Fwww.latinomovies.net%2Fpelicula%2F45%2Farthur-y-los-minimoys.html&rnd=958_959 HTTP/1.1'
2017-07-18 10:09:40.610 [INFO] [179.7.191.114:18063] Cookie len: 75, __dtsu=D9E9B66B88872D59F234F9660232929A; adb_1000179087=2; adb_1000200421=2
2017-07-18 10:09:40.610 [INFO] [179.7.191.114:18063] File not found [/home/latinomo/public_html/403.shtml]

2017-07-18 10:10:44.890 [NOTICE] [179.7.191.114:64151] mod_security rule [Id '-1'] triggered!
[Tue Jul 18 10:10:44 2017] [error] [client 179.7.191.114] ModSecurity: Access denied with code 403, [Rule: 'TX:0' '!@pmFromFile userdata_wl_content_type']
2017-07-18 10:10:44.890 [NOTICE] [179.7.191.114:64151] Content len: 0, Request line: 'POST /system-rating/admin/php/manager.php?id=45&i=Arthur%20y%20los%20Minimoys&ref=http%3A%2F%2Fwww.latinomovies.net%2Fpelicula%2F45%2Farthur-y-los-minimoys.html&rnd=232_17 HTTP/1.1'
2017-07-18 10:10:44.890 [INFO] [179.7.191.114:64151] Cookie len: 75, __dtsu=D9E9B66B88872D59F234F9660232929A; adb_1000179087=3; adb_1000200421=3
2017-07-18 10:10:44.891 [INFO] [179.7.191.114:64151] File not found [/home/latinomo/public_html/403.shtml]

2017-07-18 10:10:48.798 [NOTICE] [179.7.191.114:21518] mod_security rule [Id '-1'] triggered!
[Tue Jul 18 10:10:48 2017] [error] [client 179.7.191.114] ModSecurity: Access denied with code 403, [Rule: 'TX:0' '!@pmFromFile userdata_wl_content_type']
2017-07-18 10:10:49.000 [INFO] [CLEANUP] Send signal: 15 to process: 769185
2017-07-18 10:10:48.798 [NOTICE] [179.7.191.114:21518] Content len: 0, Request line: 'POST /system-rating/admin/php/manager.php?id=45&i=Arthur%20y%20los%20Minimoys&ref=http%3A%2F%2Fwww.latinomovies.net%2Fpelicula%2F45%2Farthur-y-los-minimoys.html&rnd=78_647 HTTP/1.1'
2017-07-18 10:10:48.798 [INFO] [179.7.191.114:21518] Cookie len: 75, __dtsu=D9E9B66B88872D59F234F9660232929A; adb_1000179087=4; adb_1000200421=4
2017-07-18 10:10:48.798 [INFO] [179.7.191.114:21518] File not found [/home/latinomo/public_html/403.shtml]

2017-07-18 10:10:51.889 [NOTICE] [179.7.191.114:25972] mod_security rule [Id '-1'] triggered!
[Tue Jul 18 10:10:51 2017] [error] [client 179.7.191.114] ModSecurity: Access denied with code 403, [Rule: 'TX:0' '!@pmFromFile userdata_wl_content_type']
2017-07-18 10:10:52.000 [INFO] [CLEANUP] Send signal: 15 to process: 771235
2017-07-18 10:10:52.144 [INFO] [CLEANUP] Send signal: 15 to process: 770914
2017-07-18 10:10:52.144 [INFO] [CLEANUP] Send signal: 15 to process: 770805
2017-07-18 10:10:52.144 [INFO] [CLEANUP] Send signal: 15 to process: 770024
2017-07-18 10:10:51.889 [NOTICE] [179.7.191.114:25972] Content len: 0, Request line: 'POST /system-rating/admin/php/manager.php?id=45&i=Arthur%20y%20los%20Minimoys&ref=http%3A%2F%2Fwww.latinomovies.net%2Fpelicula%2F45%2Farthur-y-los-minimoys.html&rnd=783_822 HTTP/1.1'
2017-07-18 10:10:51.889 [INFO] [179.7.191.114:25972] Cookie len: 75, adb_1000179087=5; adb_1000200421=5; __dtsu=D9E9B66B88872D59F234F9660232929A
2017-07-18 10:10:51.889 [INFO] [179.7.191.114:25972] File not found [/home/latinomo/public_html/403.shtml]



CSF
==
179.7.191.114 # lfd: (mod_security) mod_security (id:unknown) triggered by 179.7.191.114 (PE/Peru/-): 5 in the last 3600 secs - Tue Jul 18 10:10:54 2017
« Last Edit: July 18, 2017, 11:20:51 AM by okeycool »
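
Added example, not part of the thread and not Comodo or CSF code: a triage script that joins the three error_log lines written per denial, reports which rule text sits behind the Id '-1' hits, and lists the clients that reach the 5-in-3600-seconds ratio quoted in the lfd lines. The sample log is constructed in the same line formats (documentation IPs, made-up path and a placeholder rule text for 210801), and it assumes lfd's "id:unknown" corresponds to the Id '-1' entries.

```python
import re
from collections import Counter
from datetime import datetime

TRIGGER = re.compile(r"^(\S+ \S+) \[NOTICE\] \[([\d.]+):(\d+)\] mod_security rule \[Id '(-?\d+)'\] triggered!$")
DENIED = re.compile(r"^\[[^\]]+\] \[error\] \[client ([\d.]+)\] ModSecurity: Access denied with code \d+, \[Rule: (.+)\]$")
REQUEST = re.compile(r"^\S+ \S+ \[NOTICE\] \[([\d.]+):(\d+)\] Content len: (\d+), Request line: '(\S+) (\S+) \S+'$")

def _hit(clock, ip, port, rule_id, rule):
    # Constructed sample lines in the thread's formats (documentation IPs, made-up path).
    return (f"2017-07-18 {clock}.966 [NOTICE] [{ip}:{port}] mod_security rule [Id '{rule_id}'] triggered!\n"
            f"[Tue Jul 18 {clock} 2017] [error] [client {ip}] ModSecurity: Access denied with code 403, [Rule: {rule}]\n"
            f"2017-07-18 {clock}.999 [INFO] [CLEANUP] Send signal: 15 to process: 1000\n"
            f"2017-07-18 {clock}.966 [NOTICE] [{ip}:{port}] Content len: 0, Request line: 'POST /app/manager.php?id=45 HTTP/1.1'\n")

WL_RULE = "'TX:0' '!@pmFromFile userdata_wl_content_type'"
CLOCKS = ["10:08:55", "10:09:40", "10:10:44", "10:10:48", "10:10:51"]
SAMPLE_LOG = "".join(_hit(c, "203.0.113.10", 8000 + i, -1, WL_RULE) for i, c in enumerate(CLOCKS))
SAMPLE_LOG += _hit("10:11:02", "198.51.100.7", 9000, 210801, "'CONSTRUCTED_VAR' 'constructed operator'")

def parse_events(text):
    """Join the trigger, denial and request lines of each hit into one event."""
    events, by_conn = [], {}
    for line in text.splitlines():
        if m := TRIGGER.match(line):
            ev = {"ts": datetime.strptime(m[1], "%Y-%m-%d %H:%M:%S.%f"), "ip": m[2], "rule_id": int(m[4])}
            events.append(ev)
            by_conn[(m[2], m[3])] = ev
        elif m := DENIED.match(line):
            # The [error] line carries no port: attach to the newest hit from that client.
            ev = next((e for e in reversed(events) if e["ip"] == m[1] and "rule" not in e), None)
            if ev:
                ev["rule"] = m[2]
        elif (m := REQUEST.match(line)) and (m[1], m[2]) in by_conn:
            by_conn[(m[1], m[2])].update(content_len=int(m[3]), method=m[4], path=m[5].split("?")[0])
    return events

def summarize_unknown(events):
    """Count (rule text, method, path, body length) over hits logged with Id -1."""
    return Counter((e.get("rule"), e.get("method"), e.get("path"), e.get("content_len"))
                   for e in events if e["rule_id"] == -1)

def ips_over_threshold(events, limit=5, window=3600):
    """IPs with `limit` hits within `window` seconds, the ratio quoted in the lfd lines."""
    hits = {}
    for e in events:
        hits.setdefault(e["ip"], []).append(e["ts"])
    return sorted(ip for ip, ts in hits.items() if any(
        (b - a).total_seconds() <= window for a, b in zip(sorted(ts), sorted(ts)[limit - 1:])))
```

On input shaped like the excerpt above, the summary collapses to a single key: the content-type whitelist rule, on POST requests with a zero-length body to one path.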

 
