Captcha - WordPress login

**admin** · 03-14-2017, 03:32 PM

Both my Apache + mod_lsapi and LiteSpeed servers are not logging anything new to /usr/local/apache/logs/modsec_audit.log.

**admin** · 03-14-2017, 03:50 PM

> Im also seeing Comodo WAF no longer functioning on all servers with Imunify360 installed

Hi Ryan, That appears to be another Imunify bug jira id DEF-1169. Imunify current version 1.0.4 tweaks ModSecurity SecRuleEngine setting from "Process the rules" to "Process the rules in verbose mode, but do not execute disruptive actions" which results Comodo WAF ModSecurity rules do not block. Could you please change this setting ("Security Center" -> ModSecurity Configuration > SecRuleEngine) back to "Process the rules"? The captcha will not work for CWAF blocks but Imunify will not be taking over block ability from CWAF, at least. Please expect for general fix (jira id DEF-1169) to appear in changelog for one of our next bugfix releases. Could you please attach output of # imunify360-agent doctor command so we can follow up if our guess regarding this bug is correct. Thank you, Imunify Developer

**admin** · 03-14-2017, 04:18 PM

> Im not getting anything new logged in /usr/local/apache/logs/modsec_audit.log or in Imunify.
> Comodo WAF was working perfectly before installing Imunify.

> Any idea how to fix? I should note I am using Litespeed and not Apache.

Hi Ryan,

Could you please open helpdesk ticket via -
https://helpdesk.cloudlinux.com/

We need more info to help you with figuring out what can go wrong with your Litespeed configuration.

Thank you,
Imunify developer

**admin** · 03-14-2017, 04:24 PM

Actually I dug into it and on my Apache & mod_lsapi (EasyApache 4) server, nothing is being logged to /usr/local/apache/logs/modsec_audit.log, however I am seeing files generated in /var/log/apache2/modsec_audit/ with those entries being recorded in Imunify dashboard.

However, on my Litespeed (EasyApache 3) server, the /var/log/apache2/modsec_audit/ doesnt exist since this server isnt on EasyApache 4 yet. Should I try creating this directory or update the MODSEC_AUDIT_LOG_DIR variable in /opt/alt/python35/share/imunify360/scripts/modsec_log_collector?

**admin** · 03-14-2017, 04:34 PM

> Should I try creating this directory

Ryan,

That will be the most straightforward way to fix audit logs. Please do.

> However, on my Litespeed (EasyApache 3) server, the /var/log/apache2/modsec_audit/ doesnt exist since this server isnt on EasyApache 4 yet

I logged a jira to make sure the dir will be created automatically if does not exist in next releases of Imunify.

Kind regards,
Imunify developer

**admin** · 03-14-2017, 05:08 PM

Okay Ive created the /var/log/apache2/modsec_audit/nobody/ directory and set it to match the permissions/ownership from my other server. Is there anything else needed to kickstart this to start working? Ive restarted Imunify and Litespeed but havent seen anything logged yet (usually I will see some hits every few minutes).

Another question - Is your Imunify ModSecurity rules compatible with Litespeed? Should there be no issues running it in conjunction with Comodo WAF ruleset?

**admin** · 03-14-2017, 05:17 PM

> Is there anything else needed to kickstart this to start working? Ive restarted Imunify and Litespeed but havent seen anything logged yet (usually I will see some hits every few minutes).

Ryan, please open helpdesk request -
https://helpdesk.cloudlinux.com/

We will request you for server access to investigate the issue in details.

> Another question - Is your Imunify ModSecurity rules compatible with Litespeed? Should there be no issues running it in conjunction with Comodo WAF ruleset?

Yes, we expect no issues for Imunify ModSecurity rules to run in conjunction with Comodo WAF ruleset.

Kind regards,
Imunify developer

**admin** · 03-14-2017, 06:40 PM

>> Is there anything else needed to kickstart this to start working? Ive restarted Imunify and Litespeed but havent seen anything logged yet (usually I will see some hits every few minutes).
>
> Ryan, please open helpdesk request -
> https://helpdesk.cloudlinux.com/
>
> We will request you for server access to investigate the issue in details.
>
>> Another question - Is your Imunify ModSecurity rules compatible with Litespeed? Should there be no issues running it in conjunction with Comodo WAF ruleset?
>
> Yes, we expect no issues for Imunify ModSecurity rules to run in conjunction with Comodo WAF ruleset.
>
> Kind regards,
> Imunify developer

While Im not seeing any files generated in /var/log/apache2/modsec_audit/nobody/ yet, I am seeing ModSecurity entries logged in Imunify dashboard now, which is a good sign.

I submitted a support ticket several hours ago but have not received a response yet.

**admin** · 03-14-2017, 10:14 PM

Ryan, please log helpdesk ticket id here so I can be sure you question is answered.

Thank you,
Imunify developer

Captcha - WordPress login

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment