Search found 112 matches

by imadsani
Tue Jan 12, 2016 7:58 am
Forum: Atomic Protector (formerly ASL)
Topic: ASL Installation did not install kernel
Replies: 2
Views: 3961

ASL Installation did not install kernel

I just noticed that the ASL installer didn't install the ASL kernel, I completely removed and re-installed it and found the following error message:
kernel-2.6.32-573.12.1.el6.x86_64
grep: /boot/grub2/grub.cfg: No such file or directory
DEBUG 0 Running kernel was not detected in /boot/grub2/grub.cfg...
by imadsani
Wed Nov 25, 2015 11:33 am
Forum: Atomic Protector (formerly ASL)
Topic: IP removed from Blocklist is not flagged again
Replies: 0
Views: 3048

IP removed from Blocklist is not flagged again

I've been testing a new server and just noticed that if I manually remove an IP from the Blacklist after having intentionally triggered the WAF, it won't flag the incident from the same IP when I try it again. So far I've tried this from two different hosts. Once manually removed from Blacklist, ASL...
by imadsani
Mon Nov 02, 2015 3:45 pm
Forum: Atomic Protector (formerly ASL)
Topic: wordpress sites compromised
Replies: 1
Views: 3472

wordpress sites compromised

I've recently had a number of WordPress sites on my server compromised. I am pretty sure the sites weren't running the latest version of WordPress though. All of them seemed to have one thing in common, various integral files had encrypted code injected at the top of them. While ASL blocked the infec...
by imadsani
Fri Sep 11, 2015 3:14 am
Forum: Atomic Protector (formerly ASL)
Topic: not getting 403 forbidden when WAF is tripped
Replies: 5
Views: 4898

Re: not getting 403 forbidden when WAF is tripped

Could you tell me where this is configured inside the apache configuration?
by imadsani
Thu Sep 10, 2015 3:39 pm
Forum: Atomic Protector (formerly ASL)
Topic: not getting 403 forbidden when WAF is tripped
Replies: 5
Views: 4898

Re: not getting 403 forbidden when WAF is tripped

Code:

340162	Atomicorp.com WAF Rules: URL detected as argument, possible RFI attempt detected
On older ASL versions the above has generated the 403 Forbidden page.

Another thing, I tried uninstalling ASL recently but it didn't go well. I couldn't even reinstall ASL, instead had to format the server.
by imadsani
Thu Sep 10, 2015 11:34 am
Forum: Atomic Protector (formerly ASL)
Topic: not getting 403 forbidden when WAF is tripped
Replies: 5
Views: 4898

not getting 403 forbidden when WAF is tripped

Hey,

I'm experimenting with a vanilla LAMP server (no control panel). Tripping the WAF is throwing the Apache default page instead of the 403 Forbidden.
I can see the event being logged inside ASL and the IP being blocked just fine.

Any ideas?
by imadsani
Fri Sep 04, 2015 8:16 am
Forum: Atomic Protector (formerly ASL)
Topic: Major TWAF performance hit when under load
Replies: 3
Views: 5051

Re: Major TWAF performance hit when under load

Hey,

That is one nice looking set you just penned down.

I can't believe I didn't take into account Varnish vs. Apache, it never hit me.

I just tried placing TWAF behind varnish (put TWAF on the same port as NGINX) but varnish is bypassing TWAF and going to nginx instead.
by imadsani
Tue Sep 01, 2015 9:36 am
Forum: Atomic Protector (formerly ASL)
Topic: Major TWAF performance hit when under load
Replies: 3
Views: 5051

Major TWAF performance hit when under load

Hey, I need help tuning the TWAF instance for heavy load. I'm load testing a new server with the following configuration:

Nginx
Varnish
PHP-FPM (PHP v5.4)
Percona 5.6
ASL

Test Application: WordPress

Server config:
1 x Intel Xeon E5450
32 GB RAM
1 x 1TB 7200RPM HDD

I'm using Loader.io for load testing...
by imadsani
Sun Aug 16, 2015 7:47 am
Forum: Atomic Protector (formerly ASL)
Topic: xmlrpc.php Wordpress abuse
Replies: 3
Views: 5557

Re: xmlrpc.php Wordpress abuse

I just experienced the same on one of our shared servers running ASL. ASL isn't blocking the attacks, server load average was hitting 4 (which isn't much but it was affecting DNS for some reason). For the time being I've disabled access to xmlrpc.php by adding the following to the global apache conf....
by imadsani
Mon Jul 27, 2015 3:29 am
Forum: Atomic Protector (formerly ASL)
Topic: Blank configuration - all IP's shunned
Replies: 2
Views: 3892

Re: Blank configuration - all IP's shunned

I've seen that happen when the filesystem runs out of space unless the server ran out of inodes, space can't be an issue
[root@server1 ~]# df -h
Filesystem      Size  Used Avail Use% Mounted on
/dev/md1        1.8T  310G  1.4T  18% /
tmpfs            16G   12K   16G   1% /dev/shm
/dev/md0        496M  107M  364M  23% /boot
by imadsani
Fri Jul 24, 2015 3:24 am
Forum: Atomic Protector (formerly ASL)
Topic: Blank configuration - all IP's shunned
Replies: 2
Views: 3892

Blank configuration - all IP's shunned

One of my servers stopped responding out of the blue, after a little troubleshooting it turned out that the server was blocking all IP's, couldn't even ping google from the server. When I tried to open ASL's panel it showed the following errors: Notice: Use of undefined constant EXIT_FATAL - assumed ...
by imadsani
Wed Jul 01, 2015 4:11 pm
Forum: Atomic Protector (formerly ASL)
Topic: TWAF tweaking
Replies: 7
Views: 6684

Re: TWAF tweaking

Apologies for the late reply.

TWAF and Varnish were running side by side on port 80.

Edit: Would changing settings in the tortixd.conf file at /var/asl/etc/httpd/conf help?
by imadsani
Thu Jun 25, 2015 1:36 am
Forum: Atomic Protector (formerly ASL)
Topic: TWAF tweaking
Replies: 7
Views: 6684

Re: TWAF tweaking

I don't follow.

The original setup had Nginx / PHP-FPM on port 8888 and Varnish & TWAF on port 80
by imadsani
Wed Jun 24, 2015 1:15 am
Forum: Atomic Protector (formerly ASL)
Topic: TWAF tweaking
Replies: 7
Views: 6684

Re: TWAF tweaking

Initially I had it set up on port 80
by imadsani
Tue Jun 23, 2015 3:03 am
Forum: Atomic Protector (formerly ASL)
Topic: TWAF tweaking
Replies: 7
Views: 6684

TWAF tweaking

I just set up TWAF alongside Varnish on port 80 for a server, when I tested it myself things went fine but everything went haywire as soon as I redirected traffic to it. The pages took forever to load when they loaded, other times just an endless wait. So I removed TWAF from port 80 and everything g...