Starburst

Just a FYI, JetBack seems to work with CWP unofficially. When you access the control panel for it, it shows all the CWP user accounts. Only draw back I see, if they would have to use a different control panel, UN & PW to access it.

Check your main config file for the OWASP rules. Sounds like a path wasn't set correctly.

Tried it, still isn't fully working. The servers use ModSecurity2.9.8 with the OWASP CRS ruleset on Apache 2.4.63 Thanks

@Navid Tried your modification, but LFD gave an error:

We run AlmaLinux 9.x Try to run these: dnf install php-cli libsodium libsodium-devel php-sodium php-pecl-zip php-pecl-mailparse php-mbstring php-pear php-devel php-pecl-imagickpecl channel-update pecl.php.netYou may need to recompile afterwards.

I got ModSecurity 2.9.8 working on CWP with Apache and the OWASP latest Ruleset (4.11.0) https://kb.starburstservices.com/control-web-panel-cwp/control-web-panel-cwp-admin-tutorials/update-modsecurity-running-cwp-and-apache-on-almalinux-8-9/ ModSecurity 3.x isn't recommended yet @Sandeep I'll send you a DM

Currently I’m using: ./configure --with-apxs=/usr/local/apache/bin/apxsShould I be building it another way for CWP?

Yes, you can. You will create the main account: User Accounts → New Account. For the additional domain, you will create that under the menu: Domains → Add Domain. That will ask you for the user, which you created above under User Account. Then you can either point to the root of the same directory, or a sub-folder. Or you can user Cloudflare to redirect the domain to another.

So it seems by default CWP send out 3 paragraphs with attacks, and the above code, cut it down to 1 paragraph. Which in turn sites like AbuseIPDB can accept automatically.

Figured it out.

Sandeep, I was using the additional code so LFD would just send the 1 paragraph out to the blacklists, but when I switch to OWASP latest it stopped working. Any ideas? Thanks

Since the Comodo ruleset it dead, has anyone had luck getting Apache, Mod_Security, CSF/LFD and OWASP CRS all working tother? I see from the log file, entries are being added, and /var/log/lfd/log show the file is being monitored. BUT no email notifications are being sent, and the bad IP isn’t being added to /etc/csf/csf.deny to be blocked by CSF. Weird part is, Comodo and OWASP old both work. This is a problem with OWASP latest. CWP version is 0.9.8.1190

Just wanted to confirm this is the fix to migrate CWP from AL8 to AL9 using CWP → CWP Migration.

RoundCube 1.5.9 works greats also. Just need to change the 8 to a 9.

I just always use https://www.alphagnu.com/topic/24-cwp-–-control-web-panel-install-latest-apache-2462-version/