Customer's office IP keeps getting blocked by CSF/ModSecurity? Can't figure out why

Jordz2203

Member
Joined
Sep 8, 2022
Messages
37
Hi guys,
So the office for one of our websites keeps getting blocked by CSF/ModSecurity. It's weird, I keep having to go into Config Server Firewall as an admin and search for the IP here
[screenshot]
Then it gives me this
csf.deny: 154.IP.IP.21 # BFM: mod_security1=60 (ZA/South Africa/IPHostname) - Tue Sep 20 08:54:11 2022

I can't figure out why they keep getting blocked. Maybe the firewall is too strict, but I went into ModSecurity here
[screenshot]
Then logs, but it's too difficult to search them and I couldn't actually see any reason they are getting blocked. Only one or two indicating "suspicious activity" but none that confirmed a block.
 

BillyS

Verified User
Joined
Jul 17, 2021
Messages
232
Isn't that reason stating Brute Force Monitor is calling for the block, not CSF block country? Have you checked the BFM logs to see what rule is being tripped? Did you try to white list the IPs?
 

Jordz2203

Member
Joined
Sep 8, 2022
Messages
37
BillyS said: Isn't that reason stating Brute Force Monitor is calling for the block, not CSF block country? Have you checked the BFM logs to see what rule is being tripped? Did you try to white list the IPs?

I whitelisted the IP, I also ended up blocking the rule because it kept triggering.

The rules were
Modsec 77316934 and Modsec 77140992
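
Added example, not part of the thread: one way to answer "what rule is being tripped" is to take the IP from the csf.deny entry and tally the ModSecurity rule IDs and URIs logged for it, which shows what to tune before disabling a rule outright. The log lines, the documentation IPs and the Apache error-log layout are constructed assumptions; only the two rule IDs and the shape of the deny entry come from the posts above.

```python
import re
from collections import defaultdict

# Constructed csf.deny entry in the shape quoted in the thread; the IP is a
# documentation address because the thread redacts the real one.
DENY_LINE = ("203.0.113.21 # BFM: mod_security1=60 (ZA/South Africa/host.example)"
             " - Tue Sep 20 08:54:11 2022")

# Constructed log lines; the Apache error-log layout is an assumption.
SAMPLE_LOG = """\
[Tue Sep 20 08:53:50 2022] [:error] [client 203.0.113.21:50112] ModSecurity: Access denied with code 403 (phase 2). [id "77316934"] [msg "constructed"] [uri "/contact"]
[Tue Sep 20 08:53:55 2022] [:error] [client 198.51.100.7:40000] ModSecurity: Access denied with code 403 (phase 2). [id "77316934"] [msg "constructed"] [uri "/search"]
[Tue Sep 20 08:54:02 2022] [:error] [client 203.0.113.21:50113] ModSecurity: Warning. [id "77140992"] [msg "constructed"] [uri "/search"]
[Tue Sep 20 08:54:05 2022] [core:info] [client 203.0.113.21:50114] File does not exist: /favicon.ico
[Tue Sep 20 08:54:09 2022] [:error] [client 203.0.113.21:50115] ModSecurity: Access denied with code 403 (phase 2). [id "77316934"] [msg "constructed"] [uri "/search"]
"""

DENY_RE = re.compile(r"^(?P<ip>\S+)\s+#\s+(?P<source>\w+):\s+(?P<trigger>\w+)=(?P<value>\d+)")
CLIENT_RE = re.compile(r"\[client (\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?\]")  # IPv4 only
ID_RE = re.compile(r'\[id "(\d+)"\]')
URI_RE = re.compile(r'\[uri "([^"]*)"\]')

def parse_deny(line):
    """Split a csf.deny entry into IP, blocking component, trigger and value."""
    m = DENY_RE.match(line.strip())
    if not m:
        raise ValueError("not in the 'IP # SOURCE: trigger=N' shape")
    return {**m.groupdict(), "value": int(m["value"])}

def rules_for_ip(log_text, ip):
    """Return {rule_id: {"count": n, "uris": set}} for ModSecurity hits from ip."""
    hits = defaultdict(lambda: {"count": 0, "uris": set()})
    for line in log_text.splitlines():
        client = CLIENT_RE.search(line)
        if "ModSecurity:" not in line or not client or client[1] != ip:
            continue  # skip non-ModSecurity lines and other clients
        uri = URI_RE.search(line)
        for rule_id in ID_RE.findall(line):
            hits[rule_id]["count"] += 1
            if uri:
                hits[rule_id]["uris"].add(uri[1])
    return dict(hits)

if __name__ == "__main__":
    entry = parse_deny(DENY_LINE)
    print(entry["source"], entry["trigger"], entry["value"])
    for rule_id, info in sorted(rules_for_ip(SAMPLE_LOG, entry["ip"]).items()):
        print(rule_id, info["count"], sorted(info["uris"]))
```
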