not getting 403 forbidden when WAF is tripped

Posted: Thu Sep 10, 2015 11:34 am
by imadsani
Hey,

I'm experimenting with a vanilla LAMP server (no control panel). Tripping the WAF is throwing the Apache default page instead of the 403 Forbidden.
I can see the event being logged inside ASL and the IP being blocked just fine.

Any ideas?

Re: not getting 403 forbidden when WAF is tripped

Posted: Thu Sep 10, 2015 1:50 pm
by mikeshinn
Which rule?

Re: not getting 403 forbidden when WAF is tripped

Posted: Thu Sep 10, 2015 3:39 pm
by imadsani

340162	Atomicorp.com WAF Rules: URL detected as argument, possible RFI attempt detected

On older ASL versions the above has generated the 403 Forbidden page.

Another thing: I tried uninstalling ASL recently but it didn't go well. I couldn't even reinstall ASL; instead I had to format the server.

Re: not getting 403 forbidden when WAF is tripped

Posted: Thu Sep 10, 2015 4:19 pm
by mikeshinn
I'm not able to reproduce this behavior. The rule specifically sends a 403 error; you can see that in the rule itself:

"phase:2,deny,status:403,capture,id:340162,t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase,chain,rev:300,severity:2,msg:'Atomicorp.com WAF Rules: URL detected as argument, possible RFI attempt detected',logdata:'%TX:0,%{matched_var_name}'"

However, if Apache is configured to send something different, then ModSecurity will not override that.

Re: not getting 403 forbidden when WAF is tripped

Posted: Fri Sep 11, 2015 3:14 am
by imadsani
Could you tell me where this is configured inside the Apache configuration?

Re: not getting 403 forbidden when WAF is tripped

Posted: Fri Sep 11, 2015 12:53 pm
by mikeshinn
It could be almost anywhere: in a .htaccess file and/or in one or more of your Apache configuration files. For example, setting custom error responses will do this.
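
One way to track down the custom error responses mentioned above (an added example, not part of the original thread or of ASL): walk the Apache configuration tree and document root, list every `ErrorDocument 403` directive, and classify what each one makes Apache send. The directory layout and file contents in the demo are constructed; on a real server pass your own config and web roots.

```python
import os
import re
import tempfile

# "ErrorDocument <code> <target>"; directive names are case-insensitive in Apache.
DIRECTIVE = re.compile(r'^\s*ErrorDocument\s+(\d{3})\s+(.+?)\s*$', re.IGNORECASE)

def classify(target):
    """Describe what Apache sends for a given ErrorDocument target."""
    t = target.strip('"')
    if t.lower() == "default":
        return "built-in"            # Apache's hard-coded error page
    if re.match(r'^[a-z][a-z0-9+.-]*://', t, re.IGNORECASE):
        return "external-redirect"   # client gets a redirect, not the 403
    if t.startswith("/"):
        return "local-path"          # response body replaced by a local document
    return "literal-text"            # inline message string

def find_error_documents(roots, status="403"):
    """Return (file, line_no, target, kind) for each matching directive."""
    findings = []
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            for name in sorted(files):
                if not (name.endswith(".conf") or name == ".htaccess"):
                    continue
                path = os.path.join(dirpath, name)
                with open(path, errors="replace") as fh:
                    for no, line in enumerate(fh, 1):
                        m = DIRECTIVE.match(line)  # '#'-commented lines never match
                        if m and m.group(1) == status:
                            findings.append((path, no, m.group(2), classify(m.group(2))))
    return findings

if __name__ == "__main__":
    # Constructed sample tree standing in for a config directory and a web root.
    with tempfile.TemporaryDirectory() as tmp:
        os.makedirs(os.path.join(tmp, "conf.d"))
        with open(os.path.join(tmp, "conf.d", "sample.conf"), "w") as f:
            f.write("# ErrorDocument 403 /old.html\nErrorDocument 403 /.noindex.html\n")
        with open(os.path.join(tmp, ".htaccess"), "w") as f:
            f.write("errordocument 403 http://example.com/blocked\n")
        for hit in find_error_documents([tmp]):
            print(hit)
```

Any hit is a candidate for why the WAF's `deny,status:403` shows a different page; comment it out or scope it more narrowly, reload Apache, and re-test the rule.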