You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Describe the bug
In updating from AlmaLinux 9.3 to 9.4, Apache and a number of its modules were also updated. The Apache log format slightly changed, breaking both Fail2Ban and CrowdSec's modsecurity parsing. In my setup, the first iteration of [client: ...] in the logs was changed to [remote: ...]. Fail2Ban implemented a fix for this 3 months ago and I suggest that CrowdSec's modsecurity.yaml be edited to allow what is currently the first reference of [client: ...] to be either[client: ...]or[remote: ...] in APACHEERRORPREFIX2:
To Reproduce
Update Apache httpd to 2.4.57-8 as part of upgrading AlmaLinux 9.3 to AlmaLinux 9.4.
Expected behavior
I expected the Apache log format to stay consistent and for CrowdSec's modsecurity parser to continue to parse Apache error logs successfully.
Additional context
Editing the APACHEERRORPREFIX2: line in modsecurity.yaml, changing the first reference of [client: ...] to [remote: ...] fixed my problem.
The text was updated successfully, but these errors were encountered:
Describe the bug
In updating from AlmaLinux 9.3 to 9.4, Apache and a number of its modules were also updated. The Apache log format slightly changed, breaking both Fail2Ban and CrowdSec's modsecurity parsing. In my setup, the first iteration of
[client: ...]in the logs was changed to[remote: ...]. Fail2Ban implemented a fix for this 3 months ago and I suggest that CrowdSec's modsecurity.yaml be edited to allow what is currently the first reference of[client: ...]to be either[client: ...]or[remote: ...]inAPACHEERRORPREFIX2:To Reproduce
Update Apache httpd to 2.4.57-8 as part of upgrading AlmaLinux 9.3 to AlmaLinux 9.4.
Expected behavior
I expected the Apache log format to stay consistent and for CrowdSec's modsecurity parser to continue to parse Apache error logs successfully.
Additional context
Editing the
APACHEERRORPREFIX2:line in modsecurity.yaml, changing the first reference of[client: ...]to[remote: ...]fixed my problem.The text was updated successfully, but these errors were encountered: