[Resolved] Remove [modsecurity] line in error_log

Status
Not open for further replies.
#1
In the latest update (4.2.16) you appear to have prepended mod_security logs with the string "[modsecurity]". I'm not sure why you added this, but unfortunately it has broken CSF/LFD's regex for blocking client IP addresses because the line is no longer a traditional Apache format. Can you please remove it and revert the error log lines to what they were before?

Before the change (working):

Code:
[Tue Sep 30 20:43:09 2014] [error] [client 95.211.131.148] ModSecurity: Access denied with code 403, [Rule: 'user:bf_block' '@gt 0'] [id "5000135"] [msg "ip address blocked for 5 minutes, more than 10 login attempts in 3 minutes."]

After the change (broken):

Code:
[modsecurity] [Tue Sep 30 20:43:09 2014] [error] [client 95.211.131.148] ModSecurity: Access denied with code 403, [Rule: 'user:bf_block' '@gt 0'] [id "5000135"] [msg "ip address blocked for 5 minutes, more than 10 login attempts in 3 minutes."]
Due to the recent BASH vulnerabilities, we of course cannot downgrade back to a working version. I'd appreciate your swift resolution of this.
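
The breakage described in the post, as an added example (not part of the original post, and not the pattern CSF/LFD actually ships): a log regex anchored on the Apache timestamp stops matching once a `[modsecurity]` tag is prepended, while a pattern that accepts the optional tag parses both formats. The patterns, function names and sample lines are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample lines in the two formats shown in the post
# (documentation-range IP, shortened rule text).
OLD = ('[Tue Sep 30 20:43:09 2014] [error] [client 203.0.113.7] ModSecurity: '
       'Access denied with code 403, [id "5000135"] [msg "ip address blocked"]')
NEW = '[modsecurity] ' + OLD

# Strict pattern: assumes every line starts with the Apache timestamp.
# Hypothetical pattern written for this example.
STRICT = re.compile(
    r'^\[\S+ \S+ +\d+ \S+ \d+\] \[error\] \[client (?P<ip>\S+)\] ModSecurity:')

# Tolerant pattern: still anchored at line start, but accepts an optional
# "[modsecurity] " tag before the timestamp.
TOLERANT = re.compile(
    r'^(?:\[modsecurity\] )?\[(?P<ts>[^\]]+)\] \[error\] '
    r'\[client (?P<ip>[^\]\s]+)\] ModSecurity: Access denied with code (?P<code>\d{3})'
    r'.*?\[id "(?P<id>\d+)"\]')


def strict_ip(line):
    """Return the client IP using the timestamp-anchored pattern, or None."""
    m = STRICT.match(line)
    return m.group('ip') if m else None


def parse_denial(line):
    """Parse a ModSecurity denial in either format; None if it does not match."""
    m = TOLERANT.match(line)
    if not m:
        return None
    try:
        # Validate the captured field before anything acts on it as an address.
        ip = ipaddress.ip_address(m.group('ip'))
    except ValueError:
        return None
    return {'timestamp': m.group('ts'), 'ip': str(ip),
            'code': int(m.group('code')), 'rule_id': m.group('id')}


if __name__ == '__main__':
    for label, line in (('old', OLD), ('new', NEW)):
        print(label, 'strict:', strict_ip(line), 'tolerant:', parse_denial(line))
```

Keeping the `^` anchor in the tolerant pattern means text that appears later in the line, such as the rule message, cannot be mistaken for the `[client ...]` field.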
 