In the latest update (4.2.16) you appear to have prepended mod_security logs with the string "[modsecurity]". I'm not sure why you added this, but unfortunately it has broken CSF/LFD's regex for blocking client IP addresses because the line is no longer a traditional Apache format. Can you please remove it and revert the error log lines to what they were before?
Before the change (working):
Code:
[Tue Sep 30 20:43:09 2014] [error] [client 95.211.131.148] ModSecurity: Access denied with code 403, [Rule: 'user:bf_block' '@gt 0'] [id "5000135"] [msg "ip address blocked for 5 minutes, more than 10 login attempts in 3 minutes."]
After the change (broken):
Code:
[modsecurity] [Tue Sep 30 20:43:09 2014] [error] [client 95.211.131.148] ModSecurity: Access denied with code 403, [Rule: 'user:bf_block' '@gt 0'] [id "5000135"] [msg "ip address blocked for 5 minutes, more than 10 login attempts in 3 minutes."]
Due to the recent BASH vulnerabilities, we of course cannot downgrade back to a working version. I'd appreciate your swift resolution of this.
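Added example (not part of the original post, and not CSF/LFD's own code): a matcher that extracts the client IP from the two ModSecurity denial lines quoted above and tolerates the new leading "[modsecurity]" tag while staying anchored at the start of the line. `STRICT` is a hypothetical stand-in for a rule written against the traditional Apache format; LFD's actual regex is not shown on the page, and `INJECTED` is a constructed sample line.

```python
import ipaddress
import re

# Traditional Apache error-log shape of a ModSecurity denial, as quoted in the post.
BODY = (r'\[\w{3} \w{3} [ \d]\d \d{2}:\d{2}:\d{2} \d{4}\] \[error\] '
        r'\[client (?P<ip>[^\]\s]+)\] ModSecurity: Access denied')

# Hypothetical strict matcher (assumption: LFD's real pattern is not on the page).
STRICT = re.compile('^' + BODY)
# Accepts at most one leading "[modsecurity] " tag but keeps the ^ anchor, so
# text appearing later in a line cannot pose as the client field.
TOLERANT = re.compile(r'^(?:\[modsecurity\] )?' + BODY)

# The two log lines from the post.
BEFORE = ('[Tue Sep 30 20:43:09 2014] [error] [client 95.211.131.148] '
          'ModSecurity: Access denied with code 403, '
          "[Rule: 'user:bf_block' '@gt 0'] [id \"5000135\"] "
          '[msg "ip address blocked for 5 minutes, '
          'more than 10 login attempts in 3 minutes."]')
AFTER = '[modsecurity] ' + BEFORE

# Constructed line: the denial fragment sits mid-line, after an unrelated
# message, so an unanchored pattern would pick up the wrong address.
INJECTED = ('[Tue Sep 30 20:43:09 2014] [error] [client 203.0.113.7] '
            'File does not exist: /x [client 198.51.100.9] '
            'ModSecurity: Access denied')


def denied_client(line, pattern=TOLERANT):
    """Return the client IP of a ModSecurity denial line, or None."""
    m = pattern.match(line)
    if not m:
        return None
    try:
        # Validate before the value is handed to anything that blocks addresses.
        return str(ipaddress.ip_address(m.group('ip')))
    except ValueError:
        return None


if __name__ == '__main__':
    for name, line in (('before', BEFORE), ('after', AFTER), ('injected', INJECTED)):
        print(name, 'strict:', denied_client(line, STRICT),
              'tolerant:', denied_client(line))
```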