ezynic
November 21, 2016, 5:52pm
1
When a brute-force rule is triggered in LiteSpeed, it appears like this in the cPanel interface:
230000: COMODO WAF: Brute Force Attack Identified|Source %{tx.real_ip} (%{tx.brute_force_block_counter} hits since last alert)
As you can see, the IP and counter are not displayed. I hope this can be fixed in the next release.
Also, how long does the block last?
TDmitry
November 22, 2016, 11:54am
2
Looks like LiteSpeed doesn’t support ModSecurity variable expansion in the msg field, so the most suitable solution would be to request a bug fix from LiteSpeed support.
ezynic
November 22, 2016, 3:34pm
3
Will do, and reference this thread.
How long does the block last?
TDmitry
November 22, 2016, 4:15pm
4
By default brute_force_block_timeout=300 seconds.
When a brute-force rule is triggered in LiteSpeed, it appears like this in the cPanel interface:
230000: COMODO WAF: Brute Force Attack Identified|Source %{tx.real_ip} (%{tx.brute_force_block_counter} hits since last alert)
As you can see, the IP and counter are not displayed. I hope this can be fixed in the next release.
Also, how long does the block last?
LiteSpeed just released a fix for this in version 5.1.12 and I can confirm that it’s working.
It’s definitely good news :)