API tools faq
paste
Mailootje

Untitled

Mailootje
Aug 21st, 2025
23
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 174.87 KB | None | 0 0
raw download clone embed print report
  1. [Wed Aug 20 22:01:38.392103 2025] [ssl:error] [pid 1:tid 1] AH02217: ssl_stapling_init_cert: can't retrieve issuer certificate! [subject: OU=MyUnit,O=MyOrg,L=NY,ST=NY,C=US,[email protected],CN=localhost / issuer: OU=MyUnit,O=MyOrg,L=NY,ST=NY,C=US,[email protected],CN=localhost / serial: 6A94605E6910FC52611935FDC69CB0C652FE8630 / notbefore: Aug 20 22:01:37 2025 GMT / notafter: Aug 20 22:01:37 2026 GMT]
  2. [Wed Aug 20 22:01:38.392314 2025] [ssl:error] [pid 1:tid 1] AH02604: Unable to configure certificate localhost:8443:0 for stapling
  3. [Wed Aug 20 22:01:38.392518 2025] [security2:notice] [pid 1:tid 1] ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/) configured.
  4. [Wed Aug 20 22:01:38.392529 2025] [security2:notice] [pid 1:tid 1] ModSecurity: APR compiled version="1.7.2"; loaded version="1.7.2"
  5. [Wed Aug 20 22:01:38.392539 2025] [security2:notice] [pid 1:tid 1] ModSecurity: PCRE2 compiled version="10.42 "; loaded version="10.42 2022-12-11"
  6. [Wed Aug 20 22:01:38.392548 2025] [security2:notice] [pid 1:tid 1] ModSecurity: LUA compiled version="Lua 5.3"
  7. [Wed Aug 20 22:01:38.392557 2025] [security2:notice] [pid 1:tid 1] ModSecurity: YAJL compiled version="2.1.0"
  8. [Wed Aug 20 22:01:38.392567 2025] [security2:notice] [pid 1:tid 1] ModSecurity: LIBXML compiled version="2.9.14"
  9. [Wed Aug 20 22:01:38.392576 2025] [security2:notice] [pid 1:tid 1] ModSecurity: Original server signature: Apache/2.4.65 (Unix) OpenSSL/3.0.16
  10. [Wed Aug 20 22:01:38.392585 2025] [security2:notice] [pid 1:tid 1] ModSecurity: Status engine is currently disabled, enable it by set SecStatusEngine to On.
  11. [Wed Aug 20 22:01:38.491863 2025] [ssl:error] [pid 1:tid 1] AH02217: ssl_stapling_init_cert: can't retrieve issuer certificate! [subject: OU=MyUnit,O=MyOrg,L=NY,ST=NY,C=US,[email protected],CN=localhost / issuer: OU=MyUnit,O=MyOrg,L=NY,ST=NY,C=US,[email protected],CN=localhost / serial: 6A94605E6910FC52611935FDC69CB0C652FE8630 / notbefore: Aug 20 22:01:37 2025 GMT / notafter: Aug 20 22:01:37 2026 GMT]
  12. [Wed Aug 20 22:01:38.491893 2025] [ssl:error] [pid 1:tid 1] AH02604: Unable to configure certificate localhost:8443:0 for stapling
  13. [Wed Aug 20 22:01:38.503319 2025] [mpm_event:notice] [pid 1:tid 1] AH00489: Apache/2.4.65 (Unix) OpenSSL/3.0.16 Apache configured -- resuming normal operations
  14. [Wed Aug 20 22:01:38.503403 2025] [core:notice] [pid 1:tid 1] AH00094: Command line: 'httpd -D FOREGROUND'
  15. [Wed Aug 20 22:09:35.996423 2025] [mpm_event:notice] [pid 1:tid 1] AH00492: caught SIGWINCH, shutting down gracefully
  16. [Wed Aug 20 22:09:38.672421 2025] [ssl:error] [pid 1:tid 1] AH02217: ssl_stapling_init_cert: can't retrieve issuer certificate! [subject: OU=MyUnit,O=MyOrg,L=NY,ST=NY,C=US,[email protected],CN=localhost / issuer: OU=MyUnit,O=MyOrg,L=NY,ST=NY,C=US,[email protected],CN=localhost / serial: 7BD150E4A17D65C88F897F9D133013DE388FE792 / notbefore: Aug 20 22:09:37 2025 GMT / notafter: Aug 20 22:09:37 2026 GMT]
  17. [Wed Aug 20 22:09:38.672506 2025] [ssl:error] [pid 1:tid 1] AH02604: Unable to configure certificate localhost:8443:0 for stapling
  18. [Wed Aug 20 22:09:38.672604 2025] [security2:notice] [pid 1:tid 1] ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/) configured.
  19. [Wed Aug 20 22:09:38.672612 2025] [security2:notice] [pid 1:tid 1] ModSecurity: APR compiled version="1.7.2"; loaded version="1.7.2"
  20. [Wed Aug 20 22:09:38.672620 2025] [security2:notice] [pid 1:tid 1] ModSecurity: PCRE2 compiled version="10.42 "; loaded version="10.42 2022-12-11"
  21. [Wed Aug 20 22:09:38.672625 2025] [security2:notice] [pid 1:tid 1] ModSecurity: LUA compiled version="Lua 5.3"
  22. [Wed Aug 20 22:09:38.672631 2025] [security2:notice] [pid 1:tid 1] ModSecurity: YAJL compiled version="2.1.0"
  23. [Wed Aug 20 22:09:38.672636 2025] [security2:notice] [pid 1:tid 1] ModSecurity: LIBXML compiled version="2.9.14"
  24. [Wed Aug 20 22:09:38.672641 2025] [security2:notice] [pid 1:tid 1] ModSecurity: Original server signature: Apache/2.4.65 (Unix) OpenSSL/3.0.16
  25. [Wed Aug 20 22:09:38.672646 2025] [security2:notice] [pid 1:tid 1] ModSecurity: Status engine is currently disabled, enable it by set SecStatusEngine to On.
  26. [Wed Aug 20 22:09:38.795551 2025] [ssl:error] [pid 1:tid 1] AH02217: ssl_stapling_init_cert: can't retrieve issuer certificate! [subject: OU=MyUnit,O=MyOrg,L=NY,ST=NY,C=US,[email protected],CN=localhost / issuer: OU=MyUnit,O=MyOrg,L=NY,ST=NY,C=US,[email protected],CN=localhost / serial: 7BD150E4A17D65C88F897F9D133013DE388FE792 / notbefore: Aug 20 22:09:37 2025 GMT / notafter: Aug 20 22:09:37 2026 GMT]
  27. [Wed Aug 20 22:09:38.795581 2025] [ssl:error] [pid 1:tid 1] AH02604: Unable to configure certificate localhost:8443:0 for stapling
  28. [Wed Aug 20 22:09:38.808213 2025] [mpm_event:notice] [pid 1:tid 1] AH00489: Apache/2.4.65 (Unix) OpenSSL/3.0.16 Apache configured -- resuming normal operations
  29. [Wed Aug 20 22:09:38.809321 2025] [core:notice] [pid 1:tid 1] AH00094: Command line: 'httpd -D FOREGROUND'
  30. [Wed Aug 20 22:18:09.386745 2025] [mpm_event:notice] [pid 1:tid 1] AH00492: caught SIGWINCH, shutting down gracefully
  31. [Wed Aug 20 22:18:11.919090 2025] [ssl:error] [pid 1:tid 1] AH02217: ssl_stapling_init_cert: can't retrieve issuer certificate! [subject: OU=MyUnit,O=MyOrg,L=NY,ST=NY,C=US,[email protected],CN=localhost / issuer: OU=MyUnit,O=MyOrg,L=NY,ST=NY,C=US,[email protected],CN=localhost / serial: 3AD6FEB9076F38252B877CC89DD0EB04053A0686 / notbefore: Aug 20 22:18:11 2025 GMT / notafter: Aug 20 22:18:11 2026 GMT]
  32. [Wed Aug 20 22:18:11.919167 2025] [ssl:error] [pid 1:tid 1] AH02604: Unable to configure certificate localhost:8443:0 for stapling
  33. [Wed Aug 20 22:18:11.919271 2025] [security2:notice] [pid 1:tid 1] ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/) configured.
  34. [Wed Aug 20 22:18:11.919280 2025] [security2:notice] [pid 1:tid 1] ModSecurity: APR compiled version="1.7.2"; loaded version="1.7.2"
  35. [Wed Aug 20 22:18:11.919287 2025] [security2:notice] [pid 1:tid 1] ModSecurity: PCRE2 compiled version="10.42 "; loaded version="10.42 2022-12-11"
  36. [Wed Aug 20 22:18:11.919292 2025] [security2:notice] [pid 1:tid 1] ModSecurity: LUA compiled version="Lua 5.3"
  37. [Wed Aug 20 22:18:11.919297 2025] [security2:notice] [pid 1:tid 1] ModSecurity: YAJL compiled version="2.1.0"
  38. [Wed Aug 20 22:18:11.919303 2025] [security2:notice] [pid 1:tid 1] ModSecurity: LIBXML compiled version="2.9.14"
  39. [Wed Aug 20 22:18:11.919308 2025] [security2:notice] [pid 1:tid 1] ModSecurity: Original server signature: Apache/2.4.65 (Unix) OpenSSL/3.0.16
  40. [Wed Aug 20 22:18:11.919313 2025] [security2:notice] [pid 1:tid 1] ModSecurity: Status engine is currently disabled, enable it by set SecStatusEngine to On.
  41. [Wed Aug 20 22:18:12.039980 2025] [ssl:error] [pid 1:tid 1] AH02217: ssl_stapling_init_cert: can't retrieve issuer certificate! [subject: OU=MyUnit,O=MyOrg,L=NY,ST=NY,C=US,[email protected],CN=localhost / issuer: OU=MyUnit,O=MyOrg,L=NY,ST=NY,C=US,[email protected],CN=localhost / serial: 3AD6FEB9076F38252B877CC89DD0EB04053A0686 / notbefore: Aug 20 22:18:11 2025 GMT / notafter: Aug 20 22:18:11 2026 GMT]
  42. [Wed Aug 20 22:18:12.040007 2025] [ssl:error] [pid 1:tid 1] AH02604: Unable to configure certificate localhost:8443:0 for stapling
  43. [Wed Aug 20 22:18:12.050863 2025] [mpm_event:notice] [pid 1:tid 1] AH00489: Apache/2.4.65 (Unix) OpenSSL/3.0.16 Apache configured -- resuming normal operations
  44. [Wed Aug 20 22:18:12.050923 2025] [core:notice] [pid 1:tid 1] AH00094: Command line: 'httpd -D FOREGROUND'
  45. [Wed Aug 20 22:19:08.678972 2025] [proxy:error] [pid 511:tid 614] (111)Connection refused: AH00957: http: attempt to connect to 127.0.1.1:80 (vaultwarden:80) failed
  46. [Wed Aug 20 22:19:08.679108 2025] [proxy_http:error] [pid 511:tid 614] [client 104.23.170.29:0] AH01114: HTTP: failed to make connection to backend: vaultwarden, referer: https://<MY DOMAIN>/
  47. [Wed Aug 20 22:19:10.683796 2025] [proxy:error] [pid 479:tid 523] (111)Connection refused: AH00957: http: attempt to connect to 127.0.1.1:80 (vaultwarden:80) failed
  48. [Wed Aug 20 22:19:10.683874 2025] [proxy_http:error] [pid 479:tid 523] [client 104.23.170.29:0] AH01114: HTTP: failed to make connection to backend: vaultwarden, referer: https://<MY DOMAIN>/
  49. [Wed Aug 20 22:19:11.300192 2025] [proxy:error] [pid 511:tid 615] (111)Connection refused: AH00957: http: attempt to connect to 127.0.1.1:80 (vaultwarden:80) failed
  50. [Wed Aug 20 22:19:11.300329 2025] [proxy_http:error] [pid 511:tid 615] [client 104.23.170.29:0] AH01114: HTTP: failed to make connection to backend: vaultwarden, referer: https://<MY DOMAIN>/
  51. [Wed Aug 20 22:19:11.735843 2025] [proxy:error] [pid 478:tid 563] (111)Connection refused: AH00957: http: attempt to connect to 127.0.1.1:80 (vaultwarden:80) failed
  52. [Wed Aug 20 22:19:11.735935 2025] [proxy_http:error] [pid 478:tid 563] [client 104.23.170.29:0] AH01114: HTTP: failed to make connection to backend: vaultwarden, referer: https://<MY DOMAIN>/
  53. [Wed Aug 20 22:19:12.072707 2025] [proxy:error] [pid 478:tid 578] (111)Connection refused: AH00957: http: attempt to connect to 127.0.1.1:80 (vaultwarden:80) failed
  54. [Wed Aug 20 22:19:12.072784 2025] [proxy_http:error] [pid 478:tid 578] [client 104.23.170.29:0] AH01114: HTTP: failed to make connection to backend: vaultwarden, referer: https://<MY DOMAIN>/
  55. [Wed Aug 20 22:19:12.389351 2025] [proxy:error] [pid 511:tid 616] (111)Connection refused: AH00957: http: attempt to connect to 127.0.1.1:80 (vaultwarden:80) failed
  56. [Wed Aug 20 22:19:12.389402 2025] [proxy_http:error] [pid 511:tid 616] [client 104.23.170.29:0] AH01114: HTTP: failed to make connection to backend: vaultwarden, referer: https://<MY DOMAIN>/
  57. [Wed Aug 20 22:19:12.739074 2025] [proxy:error] [pid 511:tid 617] (111)Connection refused: AH00957: http: attempt to connect to 127.0.1.1:80 (vaultwarden:80) failed
  58. [Wed Aug 20 22:19:12.739126 2025] [proxy_http:error] [pid 511:tid 617] [client 104.23.170.29:0] AH01114: HTTP: failed to make connection to backend: vaultwarden, referer: https://<MY DOMAIN>/
  59. [Wed Aug 20 22:19:13.023064 2025] [proxy:error] [pid 479:tid 527] (111)Connection refused: AH00957: http: attempt to connect to 127.0.1.1:80 (vaultwarden:80) failed
  60. [Wed Aug 20 22:19:13.023147 2025] [proxy_http:error] [pid 479:tid 527] [client 104.23.170.29:0] AH01114: HTTP: failed to make connection to backend: vaultwarden, referer: https://<MY DOMAIN>/
  61. [Wed Aug 20 22:19:31.630811 2025] [proxy:error] [pid 479:tid 528] (111)Connection refused: AH00957: http: attempt to connect to 127.0.1.1:80 (vaultwarden:80) failed
  62. [Wed Aug 20 22:19:31.630854 2025] [proxy_http:error] [pid 479:tid 528] [client 104.23.170.29:0] AH01114: HTTP: failed to make connection to backend: vaultwarden, referer: https://<MY DOMAIN>/
  63. [Wed Aug 20 22:19:36.122208 2025] [proxy:error] [pid 478:tid 579] (111)Connection refused: AH00957: http: attempt to connect to 127.0.1.1:80 (vaultwarden:80) failed
  64. [Wed Aug 20 22:19:36.122315 2025] [proxy_http:error] [pid 478:tid 579] [client 104.23.170.29:0] AH01114: HTTP: failed to make connection to backend: vaultwarden, referer: https://<MY DOMAIN>/
  65. [Wed Aug 20 22:19:36.587657 2025] [proxy:error] [pid 511:tid 618] (111)Connection refused: AH00957: http: attempt to connect to 127.0.1.1:80 (vaultwarden:80) failed
  66. [Wed Aug 20 22:19:36.587711 2025] [proxy_http:error] [pid 511:tid 618] [client 104.23.170.29:0] AH01114: HTTP: failed to make connection to backend: vaultwarden, referer: https://<MY DOMAIN>/
  67. [Wed Aug 20 22:19:36.990795 2025] [proxy:error] [pid 479:tid 529] (111)Connection refused: AH00957: http: attempt to connect to 127.0.1.1:80 (vaultwarden:80) failed
  68. [Wed Aug 20 22:19:36.990889 2025] [proxy_http:error] [pid 479:tid 529] [client 104.23.170.29:0] AH01114: HTTP: failed to make connection to backend: vaultwarden, referer: https://<MY DOMAIN>/
  69. [Wed Aug 20 22:19:56.977626 2025] [proxy:error] [pid 511:tid 619] (111)Connection refused: AH00957: http: attempt to connect to 172.20.0.3:80 (vaultwarden:80) failed
  70. [Wed Aug 20 22:19:56.977678 2025] [proxy_http:error] [pid 511:tid 619] [client 104.23.170.29:0] AH01114: HTTP: failed to make connection to backend: vaultwarden, referer: https://<MY DOMAIN>/
  71. [Wed Aug 20 22:19:57.631047 2025] [proxy:error] [pid 478:tid 583] (111)Connection refused: AH00957: http: attempt to connect to 127.0.1.1:80 (vaultwarden:80) failed
  72. [Wed Aug 20 22:19:57.631142 2025] [proxy_http:error] [pid 478:tid 583] [client 104.23.170.29:0] AH01114: HTTP: failed to make connection to backend: vaultwarden, referer: https://<MY DOMAIN>/
  73. [Wed Aug 20 22:19:57.965531 2025] [proxy:error] [pid 478:tid 584] (111)Connection refused: AH00957: http: attempt to connect to 127.0.1.1:80 (vaultwarden:80) failed
  74. [Wed Aug 20 22:19:57.965580 2025] [proxy_http:error] [pid 478:tid 584] [client 104.23.170.29:0] AH01114: HTTP: failed to make connection to backend: vaultwarden, referer: https://<MY DOMAIN>/
  75. [Wed Aug 20 22:19:58.193268 2025] [proxy:error] [pid 511:tid 620] (111)Connection refused: AH00957: http: attempt to connect to 127.0.1.1:80 (vaultwarden:80) failed
  76. [Wed Aug 20 22:19:58.193335 2025] [proxy_http:error] [pid 511:tid 620] [client 104.23.170.29:0] AH01114: HTTP: failed to make connection to backend: vaultwarden, referer: https://<MY DOMAIN>/
  77. [Wed Aug 20 22:19:59.154096 2025] [proxy:error] [pid 479:tid 530] (111)Connection refused: AH00957: http: attempt to connect to 127.0.1.1:80 (vaultwarden:80) failed
  78. [Wed Aug 20 22:19:59.154179 2025] [proxy_http:error] [pid 479:tid 530] [client 104.23.170.29:0] AH01114: HTTP: failed to make connection to backend: vaultwarden
  79. [Wed Aug 20 22:20:00.714034 2025] [proxy:error] [pid 511:tid 621] (111)Connection refused: AH00957: http: attempt to connect to 127.0.1.1:80 (vaultwarden:80) failed
  80. [Wed Aug 20 22:20:00.714071 2025] [proxy_http:error] [pid 511:tid 621] [client 104.23.170.29:0] AH01114: HTTP: failed to make connection to backend: vaultwarden
  81. [Wed Aug 20 22:20:02.547706 2025] [proxy:error] [pid 511:tid 622] (111)Connection refused: AH00957: http: attempt to connect to 127.0.1.1:80 (vaultwarden:80) failed
  82. [Wed Aug 20 22:20:02.547757 2025] [proxy_http:error] [pid 511:tid 622] [client 104.23.170.29:0] AH01114: HTTP: failed to make connection to backend: vaultwarden
  83. [Wed Aug 20 22:20:16.465387 2025] [proxy:error] [pid 478:tid 585] (111)Connection refused: AH00957: http: attempt to connect to 127.0.1.1:80 (vaultwarden:80) failed
  84. [Wed Aug 20 22:20:16.465435 2025] [proxy_http:error] [pid 478:tid 585] [client 104.23.170.29:0] AH01114: HTTP: failed to make connection to backend: vaultwarden
  85. [Wed Aug 20 22:20:47.326755 2025] [proxy:error] [pid 511:tid 630] (111)Connection refused: AH00957: http: attempt to connect to 127.0.1.1:80 (vaultwarden:80) failed
  86. [Wed Aug 20 22:20:47.326804 2025] [proxy_http:error] [pid 511:tid 630] [client 104.23.170.29:0] AH01114: HTTP: failed to make connection to backend: vaultwarden
  87. [Wed Aug 20 22:20:47.906051 2025] [proxy:error] [pid 478:tid 586] (111)Connection refused: AH00957: http: attempt to connect to 127.0.1.1:80 (vaultwarden:80) failed
  88. [Wed Aug 20 22:20:47.906112 2025] [proxy_http:error] [pid 478:tid 586] [client 104.23.170.29:0] AH01114: HTTP: failed to make connection to backend: vaultwarden
  89. [Wed Aug 20 22:22:16.229131 2025] [mpm_event:notice] [pid 1:tid 1] AH00492: caught SIGWINCH, shutting down gracefully
  90. [Wed Aug 20 22:22:21.764335 2025] [ssl:error] [pid 1:tid 1] AH02217: ssl_stapling_init_cert: can't retrieve issuer certificate! [subject: OU=MyUnit,O=MyOrg,L=NY,ST=NY,C=US,[email protected],CN=localhost / issuer: OU=MyUnit,O=MyOrg,L=NY,ST=NY,C=US,[email protected],CN=localhost / serial: 1AA1E015CB9F9D7F4EECE0E747ADF05791933513 / notbefore: Aug 20 22:22:20 2025 GMT / notafter: Aug 20 22:22:20 2026 GMT]
  91. [Wed Aug 20 22:22:21.764426 2025] [ssl:error] [pid 1:tid 1] AH02604: Unable to configure certificate localhost:8443:0 for stapling
  92. [Wed Aug 20 22:22:21.764518 2025] [security2:notice] [pid 1:tid 1] ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/) configured.
  93. [Wed Aug 20 22:22:21.764526 2025] [security2:notice] [pid 1:tid 1] ModSecurity: APR compiled version="1.7.2"; loaded version="1.7.2"
  94. [Wed Aug 20 22:22:21.764534 2025] [security2:notice] [pid 1:tid 1] ModSecurity: PCRE2 compiled version="10.42 "; loaded version="10.42 2022-12-11"
  95. [Wed Aug 20 22:22:21.764549 2025] [security2:notice] [pid 1:tid 1] ModSecurity: LUA compiled version="Lua 5.3"
  96. [Wed Aug 20 22:22:21.764553 2025] [security2:notice] [pid 1:tid 1] ModSecurity: YAJL compiled version="2.1.0"
  97. [Wed Aug 20 22:22:21.764558 2025] [security2:notice] [pid 1:tid 1] ModSecurity: LIBXML compiled version="2.9.14"
  98. [Wed Aug 20 22:22:21.764562 2025] [security2:notice] [pid 1:tid 1] ModSecurity: Original server signature: Apache/2.4.65 (Unix) OpenSSL/3.0.16
  99. [Wed Aug 20 22:22:21.764567 2025] [security2:notice] [pid 1:tid 1] ModSecurity: Status engine is currently disabled, enable it by set SecStatusEngine to On.
  100. [Wed Aug 20 22:22:21.910763 2025] [ssl:error] [pid 1:tid 1] AH02217: ssl_stapling_init_cert: can't retrieve issuer certificate! [subject: OU=MyUnit,O=MyOrg,L=NY,ST=NY,C=US,[email protected],CN=localhost / issuer: OU=MyUnit,O=MyOrg,L=NY,ST=NY,C=US,[email protected],CN=localhost / serial: 1AA1E015CB9F9D7F4EECE0E747ADF05791933513 / notbefore: Aug 20 22:22:20 2025 GMT / notafter: Aug 20 22:22:20 2026 GMT]
  101. [Wed Aug 20 22:22:21.910799 2025] [ssl:error] [pid 1:tid 1] AH02604: Unable to configure certificate localhost:8443:0 for stapling
  102. [Wed Aug 20 22:22:21.942959 2025] [mpm_event:notice] [pid 1:tid 1] AH00489: Apache/2.4.65 (Unix) OpenSSL/3.0.16 Apache configured -- resuming normal operations
  103. [Wed Aug 20 22:22:21.943043 2025] [core:notice] [pid 1:tid 1] AH00094: Command line: 'httpd -D FOREGROUND'
  104. [Wed Aug 20 22:23:25.192177 2025] [proxy:error] [pid 503:tid 564] (111)Connection refused: AH00957: http: attempt to connect to 127.0.1.1:80 (vaultwarden:80) failed
  105. [Wed Aug 20 22:23:25.192356 2025] [proxy_http:error] [pid 503:tid 564] [client 5.75.188.90:0] AH01114: HTTP: failed to make connection to backend: vaultwarden
  106. [Wed Aug 20 22:23:29.179851 2025] [proxy:error] [pid 503:tid 559] (111)Connection refused: AH00957: http: attempt to connect to 127.0.1.1:80 (vaultwarden:80) failed
  107. [Wed Aug 20 22:23:29.179926 2025] [proxy_http:error] [pid 503:tid 559] [client 104.23.170.28:0] AH01114: HTTP: failed to make connection to backend: vaultwarden
  108. [Wed Aug 20 22:23:48.944656 2025] [proxy:error] [pid 556:tid 610] (111)Connection refused: AH00957: http: attempt to connect to 127.0.1.1:80 (vaultwarden:80) failed
  109. [Wed Aug 20 22:23:48.944803 2025] [proxy_http:error] [pid 556:tid 610] [client 172.20.0.2:51326] AH01114: HTTP: failed to make connection to backend: vaultwarden
  110. [Wed Aug 20 22:24:22.245385 2025] [proxy:error] [pid 477:tid 511] (111)Connection refused: AH00957: http: attempt to connect to 127.0.1.1:80 (vaultwarden:80) failed
  111. [Wed Aug 20 22:24:22.245536 2025] [proxy_http:error] [pid 477:tid 511] [client 104.23.170.28:0] AH01114: HTTP: failed to make connection to backend: vaultwarden
  112. [Wed Aug 20 22:24:57.336969 2025] [proxy:error] [pid 503:tid 570] (111)Connection refused: AH00957: http: attempt to connect to 127.0.1.1:80 (vaultwarden:80) failed
  113. [Wed Aug 20 22:24:57.337053 2025] [proxy_http:error] [pid 503:tid 570] [client 104.23.170.28:0] AH01114: HTTP: failed to make connection to backend: vaultwarden
  114. [Wed Aug 20 22:25:42.824748 2025] [proxy:error] [pid 556:tid 614] (111)Connection refused: AH00957: http: attempt to connect to 127.0.1.1:80 (vaultwarden:80) failed
  115. [Wed Aug 20 22:25:42.824821 2025] [proxy_http:error] [pid 556:tid 614] [client 104.23.170.28:0] AH01114: HTTP: failed to make connection to backend: vaultwarden
  116. [Wed Aug 20 22:28:50.974934 2025] [mpm_event:notice] [pid 1:tid 1] AH00492: caught SIGWINCH, shutting down gracefully
  117. [Wed Aug 20 22:29:10.407144 2025] [ssl:error] [pid 1:tid 1] AH02217: ssl_stapling_init_cert: can't retrieve issuer certificate! [subject: OU=MyUnit,O=MyOrg,L=NY,ST=NY,C=US,[email protected],CN=localhost / issuer: OU=MyUnit,O=MyOrg,L=NY,ST=NY,C=US,[email protected],CN=localhost / serial: 368A0F5568329D18B94812048212C086EEC81B8E / notbefore: Aug 20 22:29:09 2025 GMT / notafter: Aug 20 22:29:09 2026 GMT]
  118. [Wed Aug 20 22:29:10.407251 2025] [ssl:error] [pid 1:tid 1] AH02604: Unable to configure certificate localhost:8443:0 for stapling
  119. [Wed Aug 20 22:29:10.407353 2025] [security2:notice] [pid 1:tid 1] ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/) configured.
  120. [Wed Aug 20 22:29:10.407372 2025] [security2:notice] [pid 1:tid 1] ModSecurity: APR compiled version="1.7.2"; loaded version="1.7.2"
  121. [Wed Aug 20 22:29:10.407379 2025] [security2:notice] [pid 1:tid 1] ModSecurity: PCRE2 compiled version="10.42 "; loaded version="10.42 2022-12-11"
  122. [Wed Aug 20 22:29:10.407385 2025] [security2:notice] [pid 1:tid 1] ModSecurity: LUA compiled version="Lua 5.3"
  123. [Wed Aug 20 22:29:10.407389 2025] [security2:notice] [pid 1:tid 1] ModSecurity: YAJL compiled version="2.1.0"
  124. [Wed Aug 20 22:29:10.407394 2025] [security2:notice] [pid 1:tid 1] ModSecurity: LIBXML compiled version="2.9.14"
  125. [Wed Aug 20 22:29:10.407398 2025] [security2:notice] [pid 1:tid 1] ModSecurity: Original server signature: Apache/2.4.65 (Unix) OpenSSL/3.0.16
  126. [Wed Aug 20 22:29:10.407403 2025] [security2:notice] [pid 1:tid 1] ModSecurity: Status engine is currently disabled, enable it by set SecStatusEngine to On.
  127. [Wed Aug 20 22:29:10.573412 2025] [ssl:error] [pid 1:tid 1] AH02217: ssl_stapling_init_cert: can't retrieve issuer certificate! [subject: OU=MyUnit,O=MyOrg,L=NY,ST=NY,C=US,[email protected],CN=localhost / issuer: OU=MyUnit,O=MyOrg,L=NY,ST=NY,C=US,[email protected],CN=localhost / serial: 368A0F5568329D18B94812048212C086EEC81B8E / notbefore: Aug 20 22:29:09 2025 GMT / notafter: Aug 20 22:29:09 2026 GMT]
  128. [Wed Aug 20 22:29:10.573440 2025] [ssl:error] [pid 1:tid 1] AH02604: Unable to configure certificate localhost:8443:0 for stapling
  129. [Wed Aug 20 22:29:10.594122 2025] [mpm_event:notice] [pid 1:tid 1] AH00489: Apache/2.4.65 (Unix) OpenSSL/3.0.16 Apache configured -- resuming normal operations
  130. [Wed Aug 20 22:29:10.594178 2025] [core:notice] [pid 1:tid 1] AH00094: Command line: 'httpd -D FOREGROUND'
  131. [Wed Aug 20 22:29:40.741824 2025] [proxy:error] [pid 478:tid 521] (111)Connection refused: AH00957: http: attempt to connect to 127.0.1.1:80 (vaultwarden:80) failed
  132. [Wed Aug 20 22:29:40.741908 2025] [proxy_http:error] [pid 478:tid 521] [client 104.23.170.28:0] AH01114: HTTP: failed to make connection to backend: vaultwarden
  133. [Wed Aug 20 22:29:41.780011 2025] [proxy:error] [pid 492:tid 574] (111)Connection refused: AH00957: http: attempt to connect to 127.0.1.1:80 (vaultwarden:80) failed
  134. [Wed Aug 20 22:29:41.780118 2025] [proxy_http:error] [pid 492:tid 574] [client 104.23.170.28:0] AH01114: HTTP: failed to make connection to backend: vaultwarden
  135. [Wed Aug 20 22:29:57.265623 2025] [proxy:error] [pid 545:tid 597] (111)Connection refused: AH00957: http: attempt to connect to 127.0.1.1:80 (vaultwarden:80) failed
  136. [Wed Aug 20 22:29:57.265825 2025] [proxy_http:error] [pid 545:tid 597] [client 206.189.2.13:0] AH01114: HTTP: failed to make connection to backend: vaultwarden
  137. [Wed Aug 20 22:29:57.652849 2025] [proxy:error] [pid 492:tid 575] (111)Connection refused: AH00957: http: attempt to connect to 127.0.1.1:80 (vaultwarden:80) failed
  138. [Wed Aug 20 22:29:57.652901 2025] [proxy_http:error] [pid 492:tid 575] [client 206.189.2.13:0] AH01114: HTTP: failed to make connection to backend: vaultwarden
  139. [Wed Aug 20 22:29:57.755890 2025] [proxy:error] [pid 648:tid 683] (111)Connection refused: AH00957: http: attempt to connect to 127.0.1.1:80 (vaultwarden:80) failed
  140. [Wed Aug 20 22:29:57.755968 2025] [proxy_http:error] [pid 648:tid 683] [client 206.189.2.13:0] AH01114: HTTP: failed to make connection to backend: vaultwarden
  141. [Wed Aug 20 22:29:57.816502 2025] [proxy:error] [pid 492:tid 576] (111)Connection refused: AH00957: http: attempt to connect to 127.0.1.1:80 (vaultwarden:80) failed
  142. [Wed Aug 20 22:29:57.816601 2025] [proxy_http:error] [pid 492:tid 576] [client 206.189.2.13:0] AH01114: HTTP: failed to make connection to backend: vaultwarden
  143. [Wed Aug 20 22:29:57.882176 2025] [proxy:error] [pid 648:tid 675] (111)Connection refused: AH00957: http: attempt to connect to 127.0.1.1:80 (vaultwarden:80) failed
  144. [Wed Aug 20 22:29:57.882283 2025] [proxy_http:error] [pid 648:tid 675] [client 206.189.2.13:0] AH01114: HTTP: failed to make connection to backend: vaultwarden
  145. [Wed Aug 20 22:29:57.950426 2025] [security2:error] [pid 545:tid 598] [client 206.189.2.13:0] ModSecurity: Warning. Matched phrase ".vscode" at REQUEST_FILENAME. [file "/etc/modsecurity.d/owasp-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "145"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .vscode found within REQUEST_FILENAME: /.vscode/sftp.json"] [severity "CRITICAL"] [ver "OWASP_CRS/4.17.1"] [tag "modsecurity"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "OWASP_CRS/ATTACK-LFI"] [tag "capec/1000/255/153/126"] [hostname "<MY DOMAIN>"] [uri "/.vscode/sftp.json"] [unique_id "aKZMZTWcIpD136HczYVB0AAAAIE"]
  146. [Wed Aug 20 22:29:57.955741 2025] [proxy:error] [pid 545:tid 598] (111)Connection refused: AH00957: http: attempt to connect to 127.0.1.1:80 (vaultwarden:80) failed
  147. [Wed Aug 20 22:29:57.955775 2025] [proxy_http:error] [pid 545:tid 598] [client 206.189.2.13:0] AH01114: HTTP: failed to make connection to backend: vaultwarden
  148. [Wed Aug 20 22:29:57.957619 2025] [security2:error] [pid 545:tid 598] [client 206.189.2.13:0] ModSecurity: Warning. Unconditional match in SecAction. [file "/etc/modsecurity.d/owasp-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "98"] [id "980170"] [msg "Anomaly Scores: (Inbound Scores: blocking=5, detection=5, per_pl=5-0-0-0, threshold=10) - (Outbound Scores: blocking=0, detection=0, per_pl=0-0-0-0, threshold=5) - (SQLI=0, XSS=0, RFI=0, LFI=5, RCE=0, PHPI=0, HTTP=0, SESS=0, COMBINED_SCORE=5)"] [ver "OWASP_CRS/4.17.1"] [tag "modsecurity"] [tag "reporting"] [tag "OWASP_CRS"] [hostname "<MY DOMAIN>"] [uri "/.vscode/sftp.json"] [unique_id "aKZMZTWcIpD136HczYVB0AAAAIE"]
  149. [Wed Aug 20 22:29:58.016397 2025] [proxy:error] [pid 478:tid 522] (111)Connection refused: AH00957: http: attempt to connect to 127.0.1.1:80 (vaultwarden:80) failed
  150. [Wed Aug 20 22:29:58.016478 2025] [proxy_http:error] [pid 478:tid 522] [client 206.189.2.13:0] AH01114: HTTP: failed to make connection to backend: vaultwarden
  151. [Wed Aug 20 22:29:58.068198 2025] [proxy:error] [pid 648:tid 676] (111)Connection refused: AH00957: http: attempt to connect to 127.0.1.1:80 (vaultwarden:80) failed
  152. [Wed Aug 20 22:29:58.068281 2025] [proxy_http:error] [pid 648:tid 676] [client 206.189.2.13:0] AH01114: HTTP: failed to make connection to backend: vaultwarden
  153. [Wed Aug 20 22:29:58.123057 2025] [proxy:error] [pid 545:tid 599] (111)Connection refused: AH00957: http: attempt to connect to 127.0.1.1:80 (vaultwarden:80) failed
  154. [Wed Aug 20 22:29:58.123122 2025] [proxy_http:error] [pid 545:tid 599] [client 206.189.2.13:0] AH01114: HTTP: failed to make connection to backend: vaultwarden
  155. [Wed Aug 20 22:29:58.184429 2025] [proxy:error] [pid 648:tid 677] (111)Connection refused: AH00957: http: attempt to connect to 127.0.1.1:80 (vaultwarden:80) failed
  156. [Wed Aug 20 22:29:58.184474 2025] [proxy_http:error] [pid 648:tid 677] [client 206.189.2.13:0] AH01114: HTTP: failed to make connection to backend: vaultwarden
  157. [Wed Aug 20 22:29:58.262084 2025] [proxy:error] [pid 492:tid 577] (111)Connection refused: AH00957: http: attempt to connect to 127.0.1.1:80 (vaultwarden:80) failed
  158. [Wed Aug 20 22:29:58.262136 2025] [proxy_http:error] [pid 492:tid 577] [client 206.189.2.13:0] AH01114: HTTP: failed to make connection to backend: vaultwarden
  159. [Wed Aug 20 22:29:58.322843 2025] [proxy:error] [pid 478:tid 523] (111)Connection refused: AH00957: http: attempt to connect to 127.0.1.1:80 (vaultwarden:80) failed
  160. [Wed Aug 20 22:29:58.322896 2025] [proxy_http:error] [pid 478:tid 523] [client 206.189.2.13:0] AH01114: HTTP: failed to make connection to backend: vaultwarden
  161. [Wed Aug 20 22:29:58.388070 2025] [proxy:error] [pid 648:tid 679] (111)Connection refused: AH00957: http: attempt to connect to 127.0.1.1:80 (vaultwarden:80) failed
  162. [Wed Aug 20 22:29:58.388137 2025] [proxy_http:error] [pid 648:tid 679] [client 206.189.2.13:0] AH01114: HTTP: failed to make connection to backend: vaultwarden
  163. [Wed Aug 20 22:29:58.430463 2025] [security2:error] [pid 648:tid 680] [client 206.189.2.13:0] ModSecurity: Warning. Matched phrase "/.DS_Store" at REQUEST_FILENAME. [file "/etc/modsecurity.d/owasp-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "145"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.DS_Store found within REQUEST_FILENAME: /.DS_Store"] [severity "CRITICAL"] [ver "OWASP_CRS/4.17.1"] [tag "modsecurity"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "OWASP_CRS/ATTACK-LFI"] [tag "capec/1000/255/153/126"] [hostname "<MY DOMAIN>"] [uri "/.DS_Store"] [unique_id "aKZMZl0JpPWXG_j99ALihgAAAMU"]
  164. [Wed Aug 20 22:29:58.435172 2025] [proxy:error] [pid 648:tid 680] (111)Connection refused: AH00957: http: attempt to connect to 127.0.1.1:80 (vaultwarden:80) failed
  165. [Wed Aug 20 22:29:58.435422 2025] [proxy_http:error] [pid 648:tid 680] [client 206.189.2.13:0] AH01114: HTTP: failed to make connection to backend: vaultwarden
  166. [Wed Aug 20 22:29:58.439200 2025] [security2:error] [pid 648:tid 680] [client 206.189.2.13:0] ModSecurity: Warning. Unconditional match in SecAction. [file "/etc/modsecurity.d/owasp-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "98"] [id "980170"] [msg "Anomaly Scores: (Inbound Scores: blocking=5, detection=5, per_pl=5-0-0-0, threshold=10) - (Outbound Scores: blocking=0, detection=0, per_pl=0-0-0-0, threshold=5) - (SQLI=0, XSS=0, RFI=0, LFI=5, RCE=0, PHPI=0, HTTP=0, SESS=0, COMBINED_SCORE=5)"] [ver "OWASP_CRS/4.17.1"] [tag "modsecurity"] [tag "reporting"] [tag "OWASP_CRS"] [hostname "<MY DOMAIN>"] [uri "/.DS_Store"] [unique_id "aKZMZl0JpPWXG_j99ALihgAAAMU"]
  167. [Wed Aug 20 22:29:58.502942 2025] [security2:error] [pid 478:tid 524] [client 206.189.2.13:0] ModSecurity: Warning. Matched phrase ".env" at REQUEST_FILENAME. [file "/etc/modsecurity.d/owasp-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "145"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/4.17.1"] [tag "modsecurity"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "OWASP_CRS/ATTACK-LFI"] [tag "capec/1000/255/153/126"] [hostname "<MY DOMAIN>"] [uri "/.env"] [unique_id "aKZMZuLunXs-qC0eS3TULAAAAAY"]
  168. [Wed Aug 20 22:29:58.507791 2025] [proxy:error] [pid 478:tid 524] (111)Connection refused: AH00957: http: attempt to connect to 127.0.1.1:80 (vaultwarden:80) failed
  169. [Wed Aug 20 22:29:58.507835 2025] [proxy_http:error] [pid 478:tid 524] [client 206.189.2.13:0] AH01114: HTTP: failed to make connection to backend: vaultwarden
  170. [Wed Aug 20 22:29:58.509898 2025] [security2:error] [pid 478:tid 524] [client 206.189.2.13:0] ModSecurity: Warning. Unconditional match in SecAction. [file "/etc/modsecurity.d/owasp-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "98"] [id "980170"] [msg "Anomaly Scores: (Inbound Scores: blocking=5, detection=5, per_pl=5-0-0-0, threshold=10) - (Outbound Scores: blocking=0, detection=0, per_pl=0-0-0-0, threshold=5) - (SQLI=0, XSS=0, RFI=0, LFI=5, RCE=0, PHPI=0, HTTP=0, SESS=0, COMBINED_SCORE=5)"] [ver "OWASP_CRS/4.17.1"] [tag "modsecurity"] [tag "reporting"] [tag "OWASP_CRS"] [hostname "<MY DOMAIN>"] [uri "/.env"] [unique_id "aKZMZuLunXs-qC0eS3TULAAAAAY"]
  171. [Wed Aug 20 22:29:58.567299 2025] [security2:error] [pid 545:tid 601] [client 206.189.2.13:0] ModSecurity: Warning. Matched phrase ".git/" at REQUEST_FILENAME. [file "/etc/modsecurity.d/owasp-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "145"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/4.17.1"] [tag "modsecurity"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "OWASP_CRS/ATTACK-LFI"] [tag "capec/1000/255/153/126"] [hostname "<MY DOMAIN>"] [uri "/.git/config"] [unique_id "aKZMZjWcIpD136HczYVB0gAAAIQ"]
  172. [Wed Aug 20 22:29:58.572069 2025] [proxy:error] [pid 545:tid 601] (111)Connection refused: AH00957: http: attempt to connect to 127.0.1.1:80 (vaultwarden:80) failed
  173. [Wed Aug 20 22:29:58.572108 2025] [proxy_http:error] [pid 545:tid 601] [client 206.189.2.13:0] AH01114: HTTP: failed to make connection to backend: vaultwarden
  174. [Wed Aug 20 22:29:58.574365 2025] [security2:error] [pid 545:tid 601] [client 206.189.2.13:0] ModSecurity: Warning. Unconditional match in SecAction. [file "/etc/modsecurity.d/owasp-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "98"] [id "980170"] [msg "Anomaly Scores: (Inbound Scores: blocking=5, detection=5, per_pl=5-0-0-0, threshold=10) - (Outbound Scores: blocking=0, detection=0, per_pl=0-0-0-0, threshold=5) - (SQLI=0, XSS=0, RFI=0, LFI=5, RCE=0, PHPI=0, HTTP=0, SESS=0, COMBINED_SCORE=5)"] [ver "OWASP_CRS/4.17.1"] [tag "modsecurity"] [tag "reporting"] [tag "OWASP_CRS"] [hostname "<MY DOMAIN>"] [uri "/.git/config"] [unique_id "aKZMZjWcIpD136HczYVB0gAAAIQ"]
  175. [Wed Aug 20 22:29:58.624252 2025] [proxy:error] [pid 648:tid 682] (111)Connection refused: AH00957: http: attempt to connect to 127.0.1.1:80 (vaultwarden:80) failed
  176. [Wed Aug 20 22:29:58.624310 2025] [proxy_http:error] [pid 648:tid 682] [client 206.189.2.13:0] AH01114: HTTP: failed to make connection to backend: vaultwarden
  177. [Wed Aug 20 22:29:58.667878 2025] [security2:error] [pid 648:tid 681] [client 206.189.2.13:0] ModSecurity: Warning. Matched phrase "config.json" at REQUEST_FILENAME. [file "/etc/modsecurity.d/owasp-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "145"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: config.json found within REQUEST_FILENAME: /config.json"] [severity "CRITICAL"] [ver "OWASP_CRS/4.17.1"] [tag "modsecurity"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "OWASP_CRS/ATTACK-LFI"] [tag "capec/1000/255/153/126"] [hostname "<MY DOMAIN>"] [uri "/config.json"] [unique_id "aKZMZl0JpPWXG_j99ALiiAAAAMY"]
  178. [Wed Aug 20 22:29:58.669969 2025] [proxy:error] [pid 648:tid 681] (111)Connection refused: AH00957: http: attempt to connect to 127.0.1.1:80 (vaultwarden:80) failed
  179. [Wed Aug 20 22:29:58.669996 2025] [proxy_http:error] [pid 648:tid 681] [client 206.189.2.13:0] AH01114: HTTP: failed to make connection to backend: vaultwarden
  180. [Wed Aug 20 22:29:58.670979 2025] [security2:error] [pid 648:tid 681] [client 206.189.2.13:0] ModSecurity: Warning. Unconditional match in SecAction. [file "/etc/modsecurity.d/owasp-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "98"] [id "980170"] [msg "Anomaly Scores: (Inbound Scores: blocking=5, detection=5, per_pl=5-0-0-0, threshold=10) - (Outbound Scores: blocking=0, detection=0, per_pl=0-0-0-0, threshold=5) - (SQLI=0, XSS=0, RFI=0, LFI=5, RCE=0, PHPI=0, HTTP=0, SESS=0, COMBINED_SCORE=5)"] [ver "OWASP_CRS/4.17.1"] [tag "modsecurity"] [tag "reporting"] [tag "OWASP_CRS"] [hostname "<MY DOMAIN>"] [uri "/config.json"] [unique_id "aKZMZl0JpPWXG_j99ALiiAAAAMY"]
  181. [Wed Aug 20 22:29:58.728622 2025] [proxy:error] [pid 478:tid 525] (111)Connection refused: AH00957: http: attempt to connect to 127.0.1.1:80 (vaultwarden:80) failed
  182. [Wed Aug 20 22:29:58.728680 2025] [proxy_http:error] [pid 478:tid 525] [client 206.189.2.13:0] AH01114: HTTP: failed to make connection to backend: vaultwarden
  183. [Wed Aug 20 22:29:58.784712 2025] [proxy:error] [pid 648:tid 684] (111)Connection refused: AH00957: http: attempt to connect to 127.0.1.1:80 (vaultwarden:80) failed
  184. [Wed Aug 20 22:29:58.784782 2025] [proxy_http:error] [pid 648:tid 684] [client 206.189.2.13:0] AH01114: HTTP: failed to make connection to backend: vaultwarden
  185. [Wed Aug 20 22:29:58.867682 2025] [proxy:error] [pid 648:tid 685] (111)Connection refused: AH00957: http: attempt to connect to 127.0.1.1:80 (vaultwarden:80) failed
  186. [Wed Aug 20 22:29:58.867763 2025] [proxy_http:error] [pid 648:tid 685] [client 206.189.2.13:0] AH01114: HTTP: failed to make connection to backend: vaultwarden
  187. [Wed Aug 20 22:29:59.562521 2025] [proxy:error] [pid 478:tid 526] (111)Connection refused: AH00957: http: attempt to connect to 127.0.1.1:80 (vaultwarden:80) failed
  188. [Wed Aug 20 22:29:59.562587 2025] [proxy_http:error] [pid 478:tid 526] [client 154.28.229.61:0] AH01114: HTTP: failed to make connection to backend: vaultwarden
  189. [Wed Aug 20 22:29:59.872061 2025] [proxy:error] [pid 648:tid 688] (111)Connection refused: AH00957: http: attempt to connect to 127.0.1.1:80 (vaultwarden:80) failed
  190. [Wed Aug 20 22:29:59.872142 2025] [proxy_http:error] [pid 648:tid 688] [client 104.164.126.32:0] AH01114: HTTP: failed to make connection to backend: vaultwarden
  191. [Wed Aug 20 22:30:00.368169 2025] [proxy:error] [pid 648:tid 687] (111)Connection refused: AH00957: http: attempt to connect to 127.0.1.1:80 (vaultwarden:80) failed
  192. [Wed Aug 20 22:30:00.368217 2025] [proxy_http:error] [pid 648:tid 687] [client 104.23.170.28:0] AH01114: HTTP: failed to make connection to backend: vaultwarden
  193. [Wed Aug 20 22:30:01.050619 2025] [proxy:error] [pid 545:tid 602] (111)Connection refused: AH00957: http: attempt to connect to 127.0.1.1:80 (vaultwarden:80) failed
  194. [Wed Aug 20 22:30:01.050663 2025] [proxy_http:error] [pid 545:tid 602] [client 104.23.170.28:0] AH01114: HTTP: failed to make connection to backend: vaultwarden
  195. [Wed Aug 20 22:30:01.409022 2025] [proxy:error] [pid 545:tid 603] (111)Connection refused: AH00957: http: attempt to connect to 127.0.1.1:80 (vaultwarden:80) failed
  196. [Wed Aug 20 22:30:01.409080 2025] [proxy_http:error] [pid 545:tid 603] [client 154.28.229.77:0] AH01114: HTTP: failed to make connection to backend: vaultwarden
  197. [Wed Aug 20 22:30:02.577972 2025] [proxy:error] [pid 648:tid 686] (111)Connection refused: AH00957: http: attempt to connect to 127.0.1.1:80 (vaultwarden:80) failed
  198. [Wed Aug 20 22:30:02.578028 2025] [proxy_http:error] [pid 648:tid 686] [client 104.23.170.28:0] AH01114: HTTP: failed to make connection to backend: vaultwarden
  199. [Wed Aug 20 22:30:07.018825 2025] [proxy:error] [pid 648:tid 689] (111)Connection refused: AH00957: http: attempt to connect to 127.0.1.1:80 (vaultwarden:80) failed
  200. [Wed Aug 20 22:30:07.018894 2025] [proxy_http:error] [pid 648:tid 689] [client 104.23.170.28:0] AH01114: HTTP: failed to make connection to backend: vaultwarden
  201. [Wed Aug 20 22:30:08.011478 2025] [proxy:error] [pid 492:tid 578] (111)Connection refused: AH00957: http: attempt to connect to 127.0.1.1:80 (vaultwarden:80) failed
  202. [Wed Aug 20 22:30:08.011564 2025] [proxy_http:error] [pid 492:tid 578] [client 104.23.170.28:0] AH01114: HTTP: failed to make connection to backend: vaultwarden
  203. [Wed Aug 20 22:30:10.662107 2025] [security2:error] [pid 648:tid 690] [client 93.123.109.64:0] ModSecurity: Warning. Matched phrase ".git/" at REQUEST_FILENAME. [file "/etc/modsecurity.d/owasp-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "145"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/4.17.1"] [tag "modsecurity"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "OWASP_CRS/ATTACK-LFI"] [tag "capec/1000/255/153/126"] [hostname "<MY DOMAIN>"] [uri "/.git/config"] [unique_id "aKZMcl0JpPWXG_j99ALijwAAAM8"]
  204. [Wed Aug 20 22:30:10.665995 2025] [proxy:error] [pid 648:tid 690] (111)Connection refused: AH00957: http: attempt to connect to 127.0.1.1:80 (vaultwarden:80) failed
  205. [Wed Aug 20 22:30:10.666038 2025] [proxy_http:error] [pid 648:tid 690] [client 93.123.109.64:0] AH01114: HTTP: failed to make connection to backend: vaultwarden
  206. [Wed Aug 20 22:30:10.667743 2025] [security2:error] [pid 648:tid 690] [client 93.123.109.64:0] ModSecurity: Warning. Unconditional match in SecAction. [file "/etc/modsecurity.d/owasp-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "98"] [id "980170"] [msg "Anomaly Scores: (Inbound Scores: blocking=5, detection=5, per_pl=5-0-0-0, threshold=10) - (Outbound Scores: blocking=0, detection=0, per_pl=0-0-0-0, threshold=5) - (SQLI=0, XSS=0, RFI=0, LFI=5, RCE=0, PHPI=0, HTTP=0, SESS=0, COMBINED_SCORE=5)"] [ver "OWASP_CRS/4.17.1"] [tag "modsecurity"] [tag "reporting"] [tag "OWASP_CRS"] [hostname "<MY DOMAIN>"] [uri "/.git/config"] [unique_id "aKZMcl0JpPWXG_j99ALijwAAAM8"]
  207. [Wed Aug 20 22:30:51.657698 2025] [proxy:error] [pid 648:tid 697] (111)Connection refused: AH00957: http: attempt to connect to 127.0.1.1:80 (vaultwarden:80) failed
  208. [Wed Aug 20 22:30:51.657852 2025] [proxy_http:error] [pid 648:tid 697] [client 104.23.170.28:0] AH01114: HTTP: failed to make connection to backend: vaultwarden
  209. [Wed Aug 20 22:31:03.403030 2025] [proxy:error] [pid 648:tid 698] (111)Connection refused: AH00957: http: attempt to connect to 127.0.1.1:80 (vaultwarden:80) failed
  210. [Wed Aug 20 22:31:03.403073 2025] [proxy_http:error] [pid 648:tid 698] [client 104.23.170.28:0] AH01114: HTTP: failed to make connection to backend: vaultwarden
  211. [Wed Aug 20 22:31:03.831308 2025] [proxy:error] [pid 545:tid 604] (111)Connection refused: AH00957: http: attempt to connect to 127.0.1.1:80 (vaultwarden:80) failed
  212. [Wed Aug 20 22:31:03.831352 2025] [proxy_http:error] [pid 545:tid 604] [client 104.23.170.28:0] AH01114: HTTP: failed to make connection to backend: vaultwarden
  213. [Wed Aug 20 22:31:04.100836 2025] [proxy:error] [pid 648:tid 699] (111)Connection refused: AH00957: http: attempt to connect to 127.0.1.1:80 (vaultwarden:80) failed
  214. [Wed Aug 20 22:31:04.100885 2025] [proxy_http:error] [pid 648:tid 699] [client 104.23.170.28:0] AH01114: HTTP: failed to make connection to backend: vaultwarden
  215. [Wed Aug 20 22:31:05.179986 2025] [proxy:error] [pid 648:tid 691] (111)Connection refused: AH00957: http: attempt to connect to 127.0.1.1:80 (vaultwarden:80) failed
  216. [Wed Aug 20 22:31:05.180056 2025] [proxy_http:error] [pid 648:tid 691] [client 104.23.170.28:0] AH01114: HTTP: failed to make connection to backend: vaultwarden
  217. [Wed Aug 20 22:31:12.520621 2025] [proxy:error] [pid 492:tid 585] (111)Connection refused: AH00957: http: attempt to connect to 127.0.1.1:80 (vaultwarden:80) failed
  218. [Wed Aug 20 22:31:12.520730 2025] [proxy_http:error] [pid 492:tid 585] [client 149.88.104.11:0] AH01114: HTTP: failed to make connection to backend: vaultwarden
  219. [Wed Aug 20 22:31:14.914040 2025] [proxy:error] [pid 478:tid 527] (111)Connection refused: AH00957: http: attempt to connect to 127.0.1.1:80 (vaultwarden:80) failed
  220. [Wed Aug 20 22:31:14.914101 2025] [proxy_http:error] [pid 478:tid 527] [client 104.23.170.28:0] AH01114: HTTP: failed to make connection to backend: vaultwarden
  221. [Wed Aug 20 22:31:15.140691 2025] [proxy:error] [pid 545:tid 605] (111)Connection refused: AH00957: http: attempt to connect to 127.0.1.1:80 (vaultwarden:80) failed
  222. [Wed Aug 20 22:31:15.140776 2025] [proxy_http:error] [pid 545:tid 605] [client 149.88.104.11:0] AH01114: HTTP: failed to make connection to backend: vaultwarden
  223. [Wed Aug 20 22:32:03.002360 2025] [security2:error] [pid 545:tid 615] [client 172.20.0.1:47316] ModSecurity: Warning. Pattern match "(?:^([\\\\d.]+|\\\\[[\\\\da-f:]+\\\\]|[\\\\da-f:]+)(:[\\\\d]+)?$)" at REQUEST_HEADERS:Host. [file "/etc/modsecurity.d/owasp-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "728"] [id "920350"] [msg "Host header is a numeric IP address"] [data "172.20.0.3:8080"] [severity "WARNING"] [ver "OWASP_CRS/4.17.1"] [tag "modsecurity"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL-ENFORCEMENT"] [tag "capec/1000/210/272"] [hostname "172.20.0.3"] [uri "/"] [unique_id "aKZM4zWcIpD136HczYVB2AAAAIw"]
  224. [Wed Aug 20 22:32:03.005372 2025] [proxy:error] [pid 545:tid 615] (111)Connection refused: AH00957: http: attempt to connect to 127.0.1.1:80 (vaultwarden:80) failed
  225. [Wed Aug 20 22:32:03.005402 2025] [proxy_http:error] [pid 545:tid 615] [client 172.20.0.1:47316] AH01114: HTTP: failed to make connection to backend: vaultwarden
  226. [Wed Aug 20 22:32:03.006800 2025] [security2:error] [pid 545:tid 615] [client 172.20.0.1:47316] ModSecurity: Warning. Unconditional match in SecAction. [file "/etc/modsecurity.d/owasp-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "98"] [id "980170"] [msg "Anomaly Scores: (Inbound Scores: blocking=3, detection=3, per_pl=3-0-0-0, threshold=10) - (Outbound Scores: blocking=0, detection=0, per_pl=0-0-0-0, threshold=5) - (SQLI=0, XSS=0, RFI=0, LFI=0, RCE=0, PHPI=0, HTTP=0, SESS=0, COMBINED_SCORE=3)"] [ver "OWASP_CRS/4.17.1"] [tag "modsecurity"] [tag "reporting"] [tag "OWASP_CRS"] [hostname "172.20.0.3"] [uri "/"] [unique_id "aKZM4zWcIpD136HczYVB2AAAAIw"]
  227. [Wed Aug 20 22:32:18.576832 2025] [proxy:error] [pid 545:tid 616] (111)Connection refused: AH00957: http: attempt to connect to 127.0.1.1:80 (vaultwarden:80) failed
  228. [Wed Aug 20 22:32:18.576913 2025] [proxy_http:error] [pid 545:tid 616] [client 104.253.247.154:0] AH01114: HTTP: failed to make connection to backend: vaultwarden
  229. [Wed Aug 20 22:32:18.752001 2025] [proxy:error] [pid 648:tid 678] (111)Connection refused: AH00957: http: attempt to connect to 127.0.1.1:80 (vaultwarden:80) failed
  230. [Wed Aug 20 22:32:18.752066 2025] [proxy_http:error] [pid 648:tid 678] [client 104.253.247.154:0] AH01114: HTTP: failed to make connection to backend: vaultwarden, referer: https://<MY DOMAIN>/
  231. [Wed Aug 20 22:32:18.988606 2025] [proxy:error] [pid 648:tid 679] (111)Connection refused: AH00957: http: attempt to connect to 127.0.1.1:80 (vaultwarden:80) failed
  232. [Wed Aug 20 22:32:18.988655 2025] [proxy_http:error] [pid 648:tid 679] [client 188.241.200.67:0] AH01114: HTTP: failed to make connection to backend: vaultwarden
  233. [Wed Aug 20 22:32:19.179707 2025] [proxy:error] [pid 648:tid 680] (111)Connection refused: AH00957: http: attempt to connect to 127.0.1.1:80 (vaultwarden:80) failed
  234. [Wed Aug 20 22:32:19.179785 2025] [proxy_http:error] [pid 648:tid 680] [client 188.241.200.67:0] AH01114: HTTP: failed to make connection to backend: vaultwarden, referer: https://<MY DOMAIN>/
  235. [Wed Aug 20 22:32:52.331052 2025] [proxy:error] [pid 492:tid 607] (111)Connection refused: AH00957: http: attempt to connect to 127.0.1.1:80 (vaultwarden:80) failed
  236. [Wed Aug 20 22:32:52.331160 2025] [proxy_http:error] [pid 492:tid 607] [client <MY_IP>:0] AH01114: HTTP: failed to make connection to backend: vaultwarden
  237. [Wed Aug 20 22:32:53.927293 2025] [proxy:error] [pid 545:tid 617] (111)Connection refused: AH00957: http: attempt to connect to 127.0.1.1:80 (vaultwarden:80) failed
  238. [Wed Aug 20 22:32:53.927352 2025] [proxy_http:error] [pid 545:tid 617] [client <MY_IP>:0] AH01114: HTTP: failed to make connection to backend: vaultwarden
  239. [Wed Aug 20 22:32:54.134887 2025] [proxy:error] [pid 545:tid 618] (111)Connection refused: AH00957: http: attempt to connect to 127.0.1.1:80 (vaultwarden:80) failed
  240. [Wed Aug 20 22:32:54.134959 2025] [proxy_http:error] [pid 545:tid 618] [client <MY_IP>:0] AH01114: HTTP: failed to make connection to backend: vaultwarden, referer: https://<MY DOMAIN>/
  241. [Wed Aug 20 22:32:54.454042 2025] [proxy:error] [pid 648:tid 682] (111)Connection refused: AH00957: http: attempt to connect to 127.0.1.1:80 (vaultwarden:80) failed
  242. [Wed Aug 20 22:32:54.454135 2025] [proxy_http:error] [pid 648:tid 682] [client <MY_IP>:0] AH01114: HTTP: failed to make connection to backend: vaultwarden
  243. [Wed Aug 20 22:32:54.645050 2025] [proxy:error] [pid 648:tid 681] (111)Connection refused: AH00957: http: attempt to connect to 127.0.1.1:80 (vaultwarden:80) failed
  244. [Wed Aug 20 22:32:54.645157 2025] [proxy_http:error] [pid 648:tid 681] [client <MY_IP>:0] AH01114: HTTP: failed to make connection to backend: vaultwarden, referer: https://<MY DOMAIN>/
  245. [Wed Aug 20 22:33:39.113881 2025] [proxy:error] [pid 478:tid 532] (111)Connection refused: AH00957: http: attempt to connect to 127.0.1.1:80 (vaultwarden:80) failed
  246. [Wed Aug 20 22:33:39.113928 2025] [proxy_http:error] [pid 478:tid 532] [client <MY_IP>:0] AH01114: HTTP: failed to make connection to backend: vaultwarden
  247. [Wed Aug 20 22:33:39.333318 2025] [proxy:error] [pid 545:tid 619] (111)Connection refused: AH00957: http: attempt to connect to 127.0.1.1:80 (vaultwarden:80) failed
  248. [Wed Aug 20 22:33:39.333396 2025] [proxy_http:error] [pid 545:tid 619] [client <MY_IP>:0] AH01114: HTTP: failed to make connection to backend: vaultwarden, referer: https://<MY DOMAIN>/
  249. [Wed Aug 20 22:33:40.566085 2025] [proxy:error] [pid 492:tid 608] (111)Connection refused: AH00957: http: attempt to connect to 127.0.1.1:80 (vaultwarden:80) failed
  250. [Wed Aug 20 22:33:40.566209 2025] [proxy_http:error] [pid 492:tid 608] [client <MY_IP>:0] AH01114: HTTP: failed to make connection to backend: vaultwarden
  251. [Wed Aug 20 22:33:40.760288 2025] [proxy:error] [pid 545:tid 620] (111)Connection refused: AH00957: http: attempt to connect to 127.0.1.1:80 (vaultwarden:80) failed
  252. [Wed Aug 20 22:33:40.760338 2025] [proxy_http:error] [pid 545:tid 620] [client <MY_IP>:0] AH01114: HTTP: failed to make connection to backend: vaultwarden, referer: https://<MY DOMAIN>/
  253. [Wed Aug 20 22:33:41.273577 2025] [proxy:error] [pid 648:tid 690] (111)Connection refused: AH00957: http: attempt to connect to 127.0.1.1:80 (vaultwarden:80) failed
  254. [Wed Aug 20 22:33:41.273634 2025] [proxy_http:error] [pid 648:tid 690] [client <MY_IP>:0] AH01114: HTTP: failed to make connection to backend: vaultwarden
  255. [Wed Aug 20 22:33:41.456730 2025] [proxy:error] [pid 478:tid 534] (111)Connection refused: AH00957: http: attempt to connect to 127.0.1.1:80 (vaultwarden:80) failed
  256. [Wed Aug 20 22:33:41.456804 2025] [proxy_http:error] [pid 478:tid 534] [client <MY_IP>:0] AH01114: HTTP: failed to make connection to backend: vaultwarden, referer: https://<MY DOMAIN>/
  257. [Wed Aug 20 22:33:41.655800 2025] [proxy:error] [pid 545:tid 621] (111)Connection refused: AH00957: http: attempt to connect to 127.0.1.1:80 (vaultwarden:80) failed
  258. [Wed Aug 20 22:33:41.655858 2025] [proxy_http:error] [pid 545:tid 621] [client <MY_IP>:0] AH01114: HTTP: failed to make connection to backend: vaultwarden
  259. [Wed Aug 20 22:33:41.874628 2025] [proxy:error] [pid 492:tid 609] (111)Connection refused: AH00957: http: attempt to connect to 127.0.1.1:80 (vaultwarden:80) failed
  260. [Wed Aug 20 22:33:41.874708 2025] [proxy_http:error] [pid 492:tid 609] [client <MY_IP>:0] AH01114: HTTP: failed to make connection to backend: vaultwarden, referer: https://<MY DOMAIN>/
  261. [Wed Aug 20 22:41:57.655136 2025] [security2:error] [pid 492:tid 609] [client <MY_IP>:0] ModSecurity: JSON parsing error: More than 1000 JSON keys [hostname "<MY DOMAIN>"] [uri "/api/ciphers/import"] [unique_id "aKZPNe_qL6EfUungGcilOQAAAE4"], referer: https://<MY DOMAIN>/
  262. [Wed Aug 20 22:41:57.762268 2025] [security2:error] [pid 492:tid 609] [client <MY_IP>:0] ModSecurity: Access denied with code 400 (phase 2). Operator GE matched 1000 at ARGS. [file "/etc/modsecurity.d/modsecurity.conf"] [line "47"] [id "200007"] [msg "Failed to fully parse request body due to large argument count"] [severity "CRITICAL"] [hostname "<MY DOMAIN>"] [uri "/api/ciphers/import"] [unique_id "aKZPNe_qL6EfUungGcilOQAAAE4"], referer: https://<MY DOMAIN>/
  263. [Wed Aug 20 22:43:12.466336 2025] [security2:error] [pid 648:tid 685] [client <MY_IP>:0] ModSecurity: JSON parsing error: More than 1000 JSON keys [hostname "<MY DOMAIN>"] [uri "/api/ciphers/import"] [unique_id "aKZPgF0JpPWXG_j99ALiswAAAMo"], referer: https://<MY DOMAIN>/
  264. [Wed Aug 20 22:43:12.480860 2025] [security2:error] [pid 648:tid 685] [client <MY_IP>:0] ModSecurity: Access denied with code 400 (phase 2). Operator GE matched 1000 at ARGS. [file "/etc/modsecurity.d/modsecurity.conf"] [line "47"] [id "200007"] [msg "Failed to fully parse request body due to large argument count"] [severity "CRITICAL"] [hostname "<MY DOMAIN>"] [uri "/api/ciphers/import"] [unique_id "aKZPgF0JpPWXG_j99ALiswAAAMo"], referer: https://<MY DOMAIN>/
  265. [Wed Aug 20 22:44:51.616950 2025] [security2:error] [pid 545:tid 604] [client <MY_IP>:0] ModSecurity: JSON parsing error: More than 1000 JSON keys [hostname "<MY DOMAIN>"] [uri "/api/ciphers/import"] [unique_id "aKZP4zWcIpD136HczYVB-wAAAIc"], referer: https://<MY DOMAIN>/
  266. [Wed Aug 20 22:44:51.627773 2025] [security2:error] [pid 545:tid 604] [client <MY_IP>:0] ModSecurity: Access denied with code 400 (phase 2). Operator GE matched 1000 at ARGS. [file "/etc/modsecurity.d/modsecurity.conf"] [line "47"] [id "200007"] [msg "Failed to fully parse request body due to large argument count"] [severity "CRITICAL"] [hostname "<MY DOMAIN>"] [uri "/api/ciphers/import"] [unique_id "aKZP4zWcIpD136HczYVB-wAAAIc"], referer: https://<MY DOMAIN>/
  267. [Wed Aug 20 22:47:09.651838 2025] [security2:error] [pid 648:tid 694] [client <MY_IP>:0] ModSecurity: JSON parsing error: More than 1000 JSON keys [hostname "<MY DOMAIN>"] [uri "/api/ciphers/import"] [unique_id "aKZQbV0JpPWXG_j99ALitwAAANM"], referer: https://<MY DOMAIN>/
  268. [Wed Aug 20 22:47:09.665557 2025] [security2:error] [pid 648:tid 694] [client <MY_IP>:0] ModSecurity: Access denied with code 400 (phase 2). Operator GE matched 1000 at ARGS. [file "/etc/modsecurity.d/modsecurity.conf"] [line "47"] [id "200007"] [msg "Failed to fully parse request body due to large argument count"] [severity "CRITICAL"] [hostname "<MY DOMAIN>"] [uri "/api/ciphers/import"] [unique_id "aKZQbV0JpPWXG_j99ALitwAAANM"], referer: https://<MY DOMAIN>/
  269. [Wed Aug 20 22:49:06.475348 2025] [proxy:error] [pid 545:tid 624] (111)Connection refused: AH00957: http: attempt to connect to 127.0.1.1:80 (vaultwarden:80) failed
  270. [Wed Aug 20 22:49:06.475488 2025] [proxy_http:error] [pid 545:tid 624] [client <MY_IP>:0] AH01114: HTTP: failed to make connection to backend: vaultwarden
  271. [Wed Aug 20 22:49:08.519527 2025] [proxy:error] [pid 648:tid 681] (111)Connection refused: AH00957: http: attempt to connect to 127.0.1.1:80 (vaultwarden:80) failed
  272. [Wed Aug 20 22:49:08.519593 2025] [proxy_http:error] [pid 648:tid 681] [client <MY_IP>:0] AH01114: HTTP: failed to make connection to backend: vaultwarden
  273. [Wed Aug 20 22:49:10.588562 2025] [proxy:error] [pid 478:tid 537] (111)Connection refused: AH00957: http: attempt to connect to 127.0.1.1:80 (vaultwarden:80) failed
  274. [Wed Aug 20 22:49:10.588693 2025] [proxy_http:error] [pid 478:tid 537] [client <MY_IP>:0] AH01114: HTTP: failed to make connection to backend: vaultwarden
  275. [Wed Aug 20 22:52:09.683124 2025] [mpm_event:notice] [pid 1:tid 1] AH00492: caught SIGWINCH, shutting down gracefully
  276. [Wed Aug 20 22:52:24.349590 2025] [ssl:error] [pid 1:tid 1] AH02217: ssl_stapling_init_cert: can't retrieve issuer certificate! [subject: OU=MyUnit,O=MyOrg,L=NY,ST=NY,C=US,[email protected],CN=localhost / issuer: OU=MyUnit,O=MyOrg,L=NY,ST=NY,C=US,[email protected],CN=localhost / serial: 46DDB0720C1B244FEA351F7F1B97F3EEC2BA0835 / notbefore: Aug 20 22:52:23 2025 GMT / notafter: Aug 20 22:52:23 2026 GMT]
  277. [Wed Aug 20 22:52:24.349678 2025] [ssl:error] [pid 1:tid 1] AH02604: Unable to configure certificate localhost:8443:0 for stapling
  278. [Wed Aug 20 22:52:24.349767 2025] [security2:notice] [pid 1:tid 1] ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/) configured.
  279. [Wed Aug 20 22:52:24.349775 2025] [security2:notice] [pid 1:tid 1] ModSecurity: APR compiled version="1.7.2"; loaded version="1.7.2"
  280. [Wed Aug 20 22:52:24.349782 2025] [security2:notice] [pid 1:tid 1] ModSecurity: PCRE2 compiled version="10.42 "; loaded version="10.42 2022-12-11"
  281. [Wed Aug 20 22:52:24.349788 2025] [security2:notice] [pid 1:tid 1] ModSecurity: LUA compiled version="Lua 5.3"
  282. [Wed Aug 20 22:52:24.349793 2025] [security2:notice] [pid 1:tid 1] ModSecurity: YAJL compiled version="2.1.0"
  283. [Wed Aug 20 22:52:24.349798 2025] [security2:notice] [pid 1:tid 1] ModSecurity: LIBXML compiled version="2.9.14"
  284. [Wed Aug 20 22:52:24.349803 2025] [security2:notice] [pid 1:tid 1] ModSecurity: Original server signature: Apache/2.4.65 (Unix) OpenSSL/3.0.16
  285. [Wed Aug 20 22:52:24.349808 2025] [security2:notice] [pid 1:tid 1] ModSecurity: Status engine is currently disabled, enable it by set SecStatusEngine to On.
  286. [Wed Aug 20 22:52:24.472730 2025] [ssl:error] [pid 1:tid 1] AH02217: ssl_stapling_init_cert: can't retrieve issuer certificate! [subject: OU=MyUnit,O=MyOrg,L=NY,ST=NY,C=US,[email protected],CN=localhost / issuer: OU=MyUnit,O=MyOrg,L=NY,ST=NY,C=US,[email protected],CN=localhost / serial: 46DDB0720C1B244FEA351F7F1B97F3EEC2BA0835 / notbefore: Aug 20 22:52:23 2025 GMT / notafter: Aug 20 22:52:23 2026 GMT]
  287. [Wed Aug 20 22:52:24.472856 2025] [ssl:error] [pid 1:tid 1] AH02604: Unable to configure certificate localhost:8443:0 for stapling
  288. [Wed Aug 20 22:52:24.517874 2025] [mpm_event:notice] [pid 1:tid 1] AH00489: Apache/2.4.65 (Unix) OpenSSL/3.0.16 Apache configured -- resuming normal operations
  289. [Wed Aug 20 22:52:24.517965 2025] [core:notice] [pid 1:tid 1] AH00094: Command line: 'httpd -D FOREGROUND'
  290. [Wed Aug 20 22:52:58.429454 2025] [mpm_event:notice] [pid 1:tid 1] AH00492: caught SIGWINCH, shutting down gracefully
  291. [Wed Aug 20 22:53:05.302021 2025] [ssl:error] [pid 1:tid 1] AH02217: ssl_stapling_init_cert: can't retrieve issuer certificate! [subject: OU=MyUnit,O=MyOrg,L=NY,ST=NY,C=US,[email protected],CN=localhost / issuer: OU=MyUnit,O=MyOrg,L=NY,ST=NY,C=US,[email protected],CN=localhost / serial: 354D43C3B9B957023D6CB5B281F7D11914EF06B3 / notbefore: Aug 20 22:53:04 2025 GMT / notafter: Aug 20 22:53:04 2026 GMT]
  292. [Wed Aug 20 22:53:05.302133 2025] [ssl:error] [pid 1:tid 1] AH02604: Unable to configure certificate localhost:8443:0 for stapling
  293. [Wed Aug 20 22:53:05.302301 2025] [security2:notice] [pid 1:tid 1] ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/) configured.
  294. [Wed Aug 20 22:53:05.302317 2025] [security2:notice] [pid 1:tid 1] ModSecurity: APR compiled version="1.7.2"; loaded version="1.7.2"
  295. [Wed Aug 20 22:53:05.302352 2025] [security2:notice] [pid 1:tid 1] ModSecurity: PCRE2 compiled version="10.42 "; loaded version="10.42 2022-12-11"
  296. [Wed Aug 20 22:53:05.302362 2025] [security2:notice] [pid 1:tid 1] ModSecurity: LUA compiled version="Lua 5.3"
  297. [Wed Aug 20 22:53:05.302369 2025] [security2:notice] [pid 1:tid 1] ModSecurity: YAJL compiled version="2.1.0"
  298. [Wed Aug 20 22:53:05.302378 2025] [security2:notice] [pid 1:tid 1] ModSecurity: LIBXML compiled version="2.9.14"
  299. [Wed Aug 20 22:53:05.302386 2025] [security2:notice] [pid 1:tid 1] ModSecurity: Original server signature: Apache/2.4.65 (Unix) OpenSSL/3.0.16
  300. [Wed Aug 20 22:53:05.302394 2025] [security2:notice] [pid 1:tid 1] ModSecurity: Status engine is currently disabled, enable it by set SecStatusEngine to On.
  301. [Wed Aug 20 22:53:05.472600 2025] [ssl:error] [pid 1:tid 1] AH02217: ssl_stapling_init_cert: can't retrieve issuer certificate! [subject: OU=MyUnit,O=MyOrg,L=NY,ST=NY,C=US,[email protected],CN=localhost / issuer: OU=MyUnit,O=MyOrg,L=NY,ST=NY,C=US,[email protected],CN=localhost / serial: 354D43C3B9B957023D6CB5B281F7D11914EF06B3 / notbefore: Aug 20 22:53:04 2025 GMT / notafter: Aug 20 22:53:04 2026 GMT]
  302. [Wed Aug 20 22:53:05.472643 2025] [ssl:error] [pid 1:tid 1] AH02604: Unable to configure certificate localhost:8443:0 for stapling
  303. [Wed Aug 20 22:53:05.489530 2025] [mpm_event:notice] [pid 1:tid 1] AH00489: Apache/2.4.65 (Unix) OpenSSL/3.0.16 Apache configured -- resuming normal operations
  304. [Wed Aug 20 22:53:05.489596 2025] [core:notice] [pid 1:tid 1] AH00094: Command line: 'httpd -D FOREGROUND'
  305. [Wed Aug 20 22:53:19.750354 2025] [mpm_event:notice] [pid 1:tid 1] AH00492: caught SIGWINCH, shutting down gracefully
  306. [Wed Aug 20 22:53:59.734144 2025] [ssl:error] [pid 1:tid 1] AH02217: ssl_stapling_init_cert: can't retrieve issuer certificate! [subject: OU=MyUnit,O=MyOrg,L=NY,ST=NY,C=US,[email protected],CN=localhost / issuer: OU=MyUnit,O=MyOrg,L=NY,ST=NY,C=US,[email protected],CN=localhost / serial: 68CD06312040FFE94F8DF57953F68D4DADEEB5DC / notbefore: Aug 20 22:53:58 2025 GMT / notafter: Aug 20 22:53:58 2026 GMT]
  307. [Wed Aug 20 22:53:59.734285 2025] [ssl:error] [pid 1:tid 1] AH02604: Unable to configure certificate localhost:8443:0 for stapling
  308. [Wed Aug 20 22:53:59.734428 2025] [security2:notice] [pid 1:tid 1] ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/) configured.
  309. [Wed Aug 20 22:53:59.734453 2025] [security2:notice] [pid 1:tid 1] ModSecurity: APR compiled version="1.7.2"; loaded version="1.7.2"
  310. [Wed Aug 20 22:53:59.734462 2025] [security2:notice] [pid 1:tid 1] ModSecurity: PCRE2 compiled version="10.42 "; loaded version="10.42 2022-12-11"
  311. [Wed Aug 20 22:53:59.734469 2025] [security2:notice] [pid 1:tid 1] ModSecurity: LUA compiled version="Lua 5.3"
  312. [Wed Aug 20 22:53:59.734475 2025] [security2:notice] [pid 1:tid 1] ModSecurity: YAJL compiled version="2.1.0"
  313. [Wed Aug 20 22:53:59.734480 2025] [security2:notice] [pid 1:tid 1] ModSecurity: LIBXML compiled version="2.9.14"
  314. [Wed Aug 20 22:53:59.734486 2025] [security2:notice] [pid 1:tid 1] ModSecurity: Original server signature: Apache/2.4.65 (Unix) OpenSSL/3.0.16
  315. [Wed Aug 20 22:53:59.734492 2025] [security2:notice] [pid 1:tid 1] ModSecurity: Status engine is currently disabled, enable it by set SecStatusEngine to On.
  316. [Wed Aug 20 22:53:59.852153 2025] [ssl:error] [pid 1:tid 1] AH02217: ssl_stapling_init_cert: can't retrieve issuer certificate! [subject: OU=MyUnit,O=MyOrg,L=NY,ST=NY,C=US,[email protected],CN=localhost / issuer: OU=MyUnit,O=MyOrg,L=NY,ST=NY,C=US,[email protected],CN=localhost / serial: 68CD06312040FFE94F8DF57953F68D4DADEEB5DC / notbefore: Aug 20 22:53:58 2025 GMT / notafter: Aug 20 22:53:58 2026 GMT]
  317. [Wed Aug 20 22:53:59.852187 2025] [ssl:error] [pid 1:tid 1] AH02604: Unable to configure certificate localhost:8443:0 for stapling
  318. [Wed Aug 20 22:53:59.868304 2025] [mpm_event:notice] [pid 1:tid 1] AH00489: Apache/2.4.65 (Unix) OpenSSL/3.0.16 Apache configured -- resuming normal operations
  319. [Wed Aug 20 22:53:59.868376 2025] [core:notice] [pid 1:tid 1] AH00094: Command line: 'httpd -D FOREGROUND'
  320. [Wed Aug 20 22:56:46.767560 2025] [security2:error] [pid 481:tid 566] [client <MY_IP>:0] ModSecurity: JSON parsing error: More than 1000 JSON keys [hostname "<MY DOMAIN>"] [uri "/api/ciphers/import"] [unique_id "aKZSrhGOcExV7TT2MA_etAAAAEo"], referer: https://<MY DOMAIN>/
  321. [Wed Aug 20 22:56:46.833956 2025] [security2:error] [pid 481:tid 566] [client <MY_IP>:0] ModSecurity: Access denied with code 400 (phase 2). Operator GE matched 1000 at ARGS. [file "/etc/modsecurity.d/modsecurity.conf"] [line "47"] [id "200007"] [msg "Failed to fully parse request body due to large argument count"] [severity "CRITICAL"] [hostname "<MY DOMAIN>"] [uri "/api/ciphers/import"] [unique_id "aKZSrhGOcExV7TT2MA_etAAAAEo"], referer: https://<MY DOMAIN>/
  322. [Wed Aug 20 22:58:51.781379 2025] [security2:error] [pid 521:tid 618] [client <MY_IP>:0] ModSecurity: Rule 7027b0fa8f00 [id "951190"][file "/etc/modsecurity.d/owasp-crs/rules/RESPONSE-951-DATA-LEAKAGES-SQL.conf"][line "246"] - Execution error - PCRE limits exceeded (-47): (null). [hostname "<MY DOMAIN>"] [uri "/admin"] [unique_id "aKZTKyk2bSpaditDfl9TawAAAIc"], referer: https://<MY DOMAIN>/admin
  323. [Wed Aug 20 22:58:51.784940 2025] [security2:error] [pid 521:tid 618] [client <MY_IP>:0] ModSecurity: Rule 7027b0f78e68 [id "951210"][file "/etc/modsecurity.d/owasp-crs/rules/RESPONSE-951-DATA-LEAKAGES-SQL.conf"][line "288"] - Execution error - PCRE limits exceeded (-47): (null). [hostname "<MY DOMAIN>"] [uri "/admin"] [unique_id "aKZTKyk2bSpaditDfl9TawAAAIc"], referer: https://<MY DOMAIN>/admin
  324. [Wed Aug 20 22:58:51.787343 2025] [security2:error] [pid 521:tid 618] [client <MY_IP>:0] ModSecurity: Rule 7027b0f75f00 [id "951220"][file "/etc/modsecurity.d/owasp-crs/rules/RESPONSE-951-DATA-LEAKAGES-SQL.conf"][line "309"] - Execution error - PCRE limits exceeded (-47): (null). [hostname "<MY DOMAIN>"] [uri "/admin"] [unique_id "aKZTKyk2bSpaditDfl9TawAAAIc"], referer: https://<MY DOMAIN>/admin
  325. [Wed Aug 20 22:58:51.802140 2025] [security2:error] [pid 521:tid 618] [client <MY_IP>:0] ModSecurity: Rule 7027b0f61380 [id "951250"][file "/etc/modsecurity.d/owasp-crs/rules/RESPONSE-951-DATA-LEAKAGES-SQL.conf"][line "382"] - Execution error - PCRE limits exceeded (-47): (null). [hostname "<MY DOMAIN>"] [uri "/admin"] [unique_id "aKZTKyk2bSpaditDfl9TawAAAIc"], referer: https://<MY DOMAIN>/admin
  326. [Wed Aug 20 22:59:10.101619 2025] [security2:error] [pid 521:tid 634] [client <MY_IP>:0] ModSecurity: Rule 7027b0fa8f00 [id "951190"][file "/etc/modsecurity.d/owasp-crs/rules/RESPONSE-951-DATA-LEAKAGES-SQL.conf"][line "246"] - Execution error - PCRE limits exceeded (-47): (null). [hostname "<MY DOMAIN>"] [uri "/admin"] [unique_id "aKZTPik2bSpaditDfl9TgwAAAJc"], referer: https://<MY DOMAIN>/admin/organizations/overview
  327. [Wed Aug 20 22:59:10.105631 2025] [security2:error] [pid 521:tid 634] [client <MY_IP>:0] ModSecurity: Rule 7027b0f78e68 [id "951210"][file "/etc/modsecurity.d/owasp-crs/rules/RESPONSE-951-DATA-LEAKAGES-SQL.conf"][line "288"] - Execution error - PCRE limits exceeded (-47): (null). [hostname "<MY DOMAIN>"] [uri "/admin"] [unique_id "aKZTPik2bSpaditDfl9TgwAAAJc"], referer: https://<MY DOMAIN>/admin/organizations/overview
  328. [Wed Aug 20 22:59:10.111971 2025] [security2:error] [pid 521:tid 634] [client <MY_IP>:0] ModSecurity: Rule 7027b0f75f00 [id "951220"][file "/etc/modsecurity.d/owasp-crs/rules/RESPONSE-951-DATA-LEAKAGES-SQL.conf"][line "309"] - Execution error - PCRE limits exceeded (-47): (null). [hostname "<MY DOMAIN>"] [uri "/admin"] [unique_id "aKZTPik2bSpaditDfl9TgwAAAJc"], referer: https://<MY DOMAIN>/admin/organizations/overview
  329. [Wed Aug 20 22:59:10.134629 2025] [security2:error] [pid 521:tid 634] [client <MY_IP>:0] ModSecurity: Rule 7027b0f61380 [id "951250"][file "/etc/modsecurity.d/owasp-crs/rules/RESPONSE-951-DATA-LEAKAGES-SQL.conf"][line "382"] - Execution error - PCRE limits exceeded (-47): (null). [hostname "<MY DOMAIN>"] [uri "/admin"] [unique_id "aKZTPik2bSpaditDfl9TgwAAAJc"], referer: https://<MY DOMAIN>/admin/organizations/overview
  330. [Wed Aug 20 23:00:17.570215 2025] [security2:error] [pid 521:tid 628] [client <MY_IP>:0] ModSecurity: Rule 7027b0fa8f00 [id "951190"][file "/etc/modsecurity.d/owasp-crs/rules/RESPONSE-951-DATA-LEAKAGES-SQL.conf"][line "246"] - Execution error - PCRE limits exceeded (-47): (null). [hostname "<MY DOMAIN>"] [uri "/admin"] [unique_id "aKZTgSk2bSpaditDfl9TiwAAAJE"], referer: https://<MY DOMAIN>/admin
  331. [Wed Aug 20 23:00:17.573277 2025] [security2:error] [pid 521:tid 628] [client <MY_IP>:0] ModSecurity: Rule 7027b0f78e68 [id "951210"][file "/etc/modsecurity.d/owasp-crs/rules/RESPONSE-951-DATA-LEAKAGES-SQL.conf"][line "288"] - Execution error - PCRE limits exceeded (-47): (null). [hostname "<MY DOMAIN>"] [uri "/admin"] [unique_id "aKZTgSk2bSpaditDfl9TiwAAAJE"], referer: https://<MY DOMAIN>/admin
  332. [Wed Aug 20 23:00:17.575963 2025] [security2:error] [pid 521:tid 628] [client <MY_IP>:0] ModSecurity: Rule 7027b0f75f00 [id "951220"][file "/etc/modsecurity.d/owasp-crs/rules/RESPONSE-951-DATA-LEAKAGES-SQL.conf"][line "309"] - Execution error - PCRE limits exceeded (-47): (null). [hostname "<MY DOMAIN>"] [uri "/admin"] [unique_id "aKZTgSk2bSpaditDfl9TiwAAAJE"], referer: https://<MY DOMAIN>/admin
  333. [Wed Aug 20 23:00:17.591458 2025] [security2:error] [pid 521:tid 628] [client <MY_IP>:0] ModSecurity: Rule 7027b0f61380 [id "951250"][file "/etc/modsecurity.d/owasp-crs/rules/RESPONSE-951-DATA-LEAKAGES-SQL.conf"][line "382"] - Execution error - PCRE limits exceeded (-47): (null). [hostname "<MY DOMAIN>"] [uri "/admin"] [unique_id "aKZTgSk2bSpaditDfl9TiwAAAJE"], referer: https://<MY DOMAIN>/admin
  334. [Wed Aug 20 23:00:49.971369 2025] [security2:error] [pid 768:tid 795] [client <MY_IP>:0] ModSecurity: Rule 7027b0fa8f00 [id "951190"][file "/etc/modsecurity.d/owasp-crs/rules/RESPONSE-951-DATA-LEAKAGES-SQL.conf"][line "246"] - Execution error - PCRE limits exceeded (-47): (null). [hostname "<MY DOMAIN>"] [uri "/admin"] [unique_id "aKZToRuyN3rtG1JqAGJSQgAAAMA"], referer: https://<MY DOMAIN>/admin/diagnostics
  335. [Wed Aug 20 23:00:49.974407 2025] [security2:error] [pid 768:tid 795] [client <MY_IP>:0] ModSecurity: Rule 7027b0f78e68 [id "951210"][file "/etc/modsecurity.d/owasp-crs/rules/RESPONSE-951-DATA-LEAKAGES-SQL.conf"][line "288"] - Execution error - PCRE limits exceeded (-47): (null). [hostname "<MY DOMAIN>"] [uri "/admin"] [unique_id "aKZToRuyN3rtG1JqAGJSQgAAAMA"], referer: https://<MY DOMAIN>/admin/diagnostics
  336. [Wed Aug 20 23:00:49.979084 2025] [security2:error] [pid 768:tid 795] [client <MY_IP>:0] ModSecurity: Rule 7027b0f75f00 [id "951220"][file "/etc/modsecurity.d/owasp-crs/rules/RESPONSE-951-DATA-LEAKAGES-SQL.conf"][line "309"] - Execution error - PCRE limits exceeded (-47): (null). [hostname "<MY DOMAIN>"] [uri "/admin"] [unique_id "aKZToRuyN3rtG1JqAGJSQgAAAMA"], referer: https://<MY DOMAIN>/admin/diagnostics
  337. [Wed Aug 20 23:00:49.996898 2025] [security2:error] [pid 768:tid 795] [client <MY_IP>:0] ModSecurity: Rule 7027b0f61380 [id "951250"][file "/etc/modsecurity.d/owasp-crs/rules/RESPONSE-951-DATA-LEAKAGES-SQL.conf"][line "382"] - Execution error - PCRE limits exceeded (-47): (null). [hostname "<MY DOMAIN>"] [uri "/admin"] [unique_id "aKZToRuyN3rtG1JqAGJSQgAAAMA"], referer: https://<MY DOMAIN>/admin/diagnostics
  338. [Wed Aug 20 23:01:02.785428 2025] [security2:error] [pid 768:tid 796] [client <MY_IP>:0] ModSecurity: Rule 7027b0fa8f00 [id "951190"][file "/etc/modsecurity.d/owasp-crs/rules/RESPONSE-951-DATA-LEAKAGES-SQL.conf"][line "246"] - Execution error - PCRE limits exceeded (-47): (null). [hostname "<MY DOMAIN>"] [uri "/admin"] [unique_id "aKZTrhuyN3rtG1JqAGJSRQAAAME"], referer: https://<MY DOMAIN>/admin
  339. [Wed Aug 20 23:01:02.789753 2025] [security2:error] [pid 768:tid 796] [client <MY_IP>:0] ModSecurity: Rule 7027b0f78e68 [id "951210"][file "/etc/modsecurity.d/owasp-crs/rules/RESPONSE-951-DATA-LEAKAGES-SQL.conf"][line "288"] - Execution error - PCRE limits exceeded (-47): (null). [hostname "<MY DOMAIN>"] [uri "/admin"] [unique_id "aKZTrhuyN3rtG1JqAGJSRQAAAME"], referer: https://<MY DOMAIN>/admin
  340. [Wed Aug 20 23:01:02.793579 2025] [security2:error] [pid 768:tid 796] [client <MY_IP>:0] ModSecurity: Rule 7027b0f75f00 [id "951220"][file "/etc/modsecurity.d/owasp-crs/rules/RESPONSE-951-DATA-LEAKAGES-SQL.conf"][line "309"] - Execution error - PCRE limits exceeded (-47): (null). [hostname "<MY DOMAIN>"] [uri "/admin"] [unique_id "aKZTrhuyN3rtG1JqAGJSRQAAAME"], referer: https://<MY DOMAIN>/admin
  341. [Wed Aug 20 23:01:02.816903 2025] [security2:error] [pid 768:tid 796] [client <MY_IP>:0] ModSecurity: Rule 7027b0f61380 [id "951250"][file "/etc/modsecurity.d/owasp-crs/rules/RESPONSE-951-DATA-LEAKAGES-SQL.conf"][line "382"] - Execution error - PCRE limits exceeded (-47): (null). [hostname "<MY DOMAIN>"] [uri "/admin"] [unique_id "aKZTrhuyN3rtG1JqAGJSRQAAAME"], referer: https://<MY DOMAIN>/admin
  342. [Wed Aug 20 23:01:03.851284 2025] [security2:error] [pid 768:tid 810] [client <MY_IP>:0] ModSecurity: Rule 7027b0fa8f00 [id "951190"][file "/etc/modsecurity.d/owasp-crs/rules/RESPONSE-951-DATA-LEAKAGES-SQL.conf"][line "246"] - Execution error - PCRE limits exceeded (-47): (null). [hostname "<MY DOMAIN>"] [uri "/admin"] [unique_id "aKZTrxuyN3rtG1JqAGJSTAAAAM8"], referer: https://<MY DOMAIN>/admin
  343. [Wed Aug 20 23:01:03.853810 2025] [security2:error] [pid 768:tid 810] [client <MY_IP>:0] ModSecurity: Rule 7027b0f78e68 [id "951210"][file "/etc/modsecurity.d/owasp-crs/rules/RESPONSE-951-DATA-LEAKAGES-SQL.conf"][line "288"] - Execution error - PCRE limits exceeded (-47): (null). [hostname "<MY DOMAIN>"] [uri "/admin"] [unique_id "aKZTrxuyN3rtG1JqAGJSTAAAAM8"], referer: https://<MY DOMAIN>/admin
  344. [Wed Aug 20 23:01:03.856339 2025] [security2:error] [pid 768:tid 810] [client <MY_IP>:0] ModSecurity: Rule 7027b0f75f00 [id "951220"][file "/etc/modsecurity.d/owasp-crs/rules/RESPONSE-951-DATA-LEAKAGES-SQL.conf"][line "309"] - Execution error - PCRE limits exceeded (-47): (null). [hostname "<MY DOMAIN>"] [uri "/admin"] [unique_id "aKZTrxuyN3rtG1JqAGJSTAAAAM8"], referer: https://<MY DOMAIN>/admin
  345. [Wed Aug 20 23:01:03.879181 2025] [security2:error] [pid 768:tid 810] [client <MY_IP>:0] ModSecurity: Rule 7027b0f61380 [id "951250"][file "/etc/modsecurity.d/owasp-crs/rules/RESPONSE-951-DATA-LEAKAGES-SQL.conf"][line "382"] - Execution error - PCRE limits exceeded (-47): (null). [hostname "<MY DOMAIN>"] [uri "/admin"] [unique_id "aKZTrxuyN3rtG1JqAGJSTAAAAM8"], referer: https://<MY DOMAIN>/admin
  346. [Wed Aug 20 23:04:01.078679 2025] [security2:error] [pid 768:tid 817] [client <MY_IP>:0] ModSecurity: Rule 7027b0fa8f00 [id "951190"][file "/etc/modsecurity.d/owasp-crs/rules/RESPONSE-951-DATA-LEAKAGES-SQL.conf"][line "246"] - Execution error - PCRE limits exceeded (-47): (null). [hostname "<MY DOMAIN>"] [uri "/admin"] [unique_id "aKZUYRuyN3rtG1JqAGJSXwAAANY"], referer: https://<MY DOMAIN>/admin/diagnostics
  347. [Wed Aug 20 23:04:01.081266 2025] [security2:error] [pid 768:tid 817] [client <MY_IP>:0] ModSecurity: Rule 7027b0f78e68 [id "951210"][file "/etc/modsecurity.d/owasp-crs/rules/RESPONSE-951-DATA-LEAKAGES-SQL.conf"][line "288"] - Execution error - PCRE limits exceeded (-47): (null). [hostname "<MY DOMAIN>"] [uri "/admin"] [unique_id "aKZUYRuyN3rtG1JqAGJSXwAAANY"], referer: https://<MY DOMAIN>/admin/diagnostics
  348. [Wed Aug 20 23:04:01.083149 2025] [security2:error] [pid 768:tid 817] [client <MY_IP>:0] ModSecurity: Rule 7027b0f75f00 [id "951220"][file "/etc/modsecurity.d/owasp-crs/rules/RESPONSE-951-DATA-LEAKAGES-SQL.conf"][line "309"] - Execution error - PCRE limits exceeded (-47): (null). [hostname "<MY DOMAIN>"] [uri "/admin"] [unique_id "aKZUYRuyN3rtG1JqAGJSXwAAANY"], referer: https://<MY DOMAIN>/admin/diagnostics
  349. [Wed Aug 20 23:04:01.098866 2025] [security2:error] [pid 768:tid 817] [client <MY_IP>:0] ModSecurity: Rule 7027b0f61380 [id "951250"][file "/etc/modsecurity.d/owasp-crs/rules/RESPONSE-951-DATA-LEAKAGES-SQL.conf"][line "382"] - Execution error - PCRE limits exceeded (-47): (null). [hostname "<MY DOMAIN>"] [uri "/admin"] [unique_id "aKZUYRuyN3rtG1JqAGJSXwAAANY"], referer: https://<MY DOMAIN>/admin/diagnostics
  350. [Wed Aug 20 23:04:26.076109 2025] [security2:error] [pid 768:tid 797] [client <MY_IP>:0] ModSecurity: JSON parsing error: More than 1000 JSON keys [hostname "<MY DOMAIN>"] [uri "/api/ciphers/import"] [unique_id "aKZUehuyN3rtG1JqAGJSZgAAAMI"], referer: https://<MY DOMAIN>/
  351. [Wed Aug 20 23:04:26.159032 2025] [security2:error] [pid 768:tid 797] [client <MY_IP>:0] ModSecurity: Access denied with code 400 (phase 2). Operator GE matched 1000 at ARGS. [file "/etc/modsecurity.d/modsecurity.conf"] [line "47"] [id "200007"] [msg "Failed to fully parse request body due to large argument count"] [severity "CRITICAL"] [hostname "<MY DOMAIN>"] [uri "/api/ciphers/import"] [unique_id "aKZUehuyN3rtG1JqAGJSZgAAAMI"], referer: https://<MY DOMAIN>/
  352. [Wed Aug 20 23:12:44.615659 2025] [security2:error] [pid 768:tid 811] [client <MY_IP>:0] ModSecurity: JSON parsing error: More than 1000 JSON keys [hostname "<MY DOMAIN>"] [uri "/api/ciphers/import"] [unique_id "aKZWbBuyN3rtG1JqAGJSagAAANA"], referer: https://<MY DOMAIN>/
  353. [Wed Aug 20 23:12:44.695356 2025] [security2:error] [pid 768:tid 811] [client <MY_IP>:0] ModSecurity: Access denied with code 400 (phase 2). Operator GE matched 1000 at ARGS. [file "/etc/modsecurity.d/modsecurity.conf"] [line "47"] [id "200007"] [msg "Failed to fully parse request body due to large argument count"] [severity "CRITICAL"] [hostname "<MY DOMAIN>"] [uri "/api/ciphers/import"] [unique_id "aKZWbBuyN3rtG1JqAGJSagAAANA"], referer: https://<MY DOMAIN>/
  354. [Wed Aug 20 23:15:46.965108 2025] [security2:error] [pid 768:tid 816] [client <MY_IP>:0] ModSecurity: Rule 7027b0fa8f00 [id "951190"][file "/etc/modsecurity.d/owasp-crs/rules/RESPONSE-951-DATA-LEAKAGES-SQL.conf"][line "246"] - Execution error - PCRE limits exceeded (-47): (null). [hostname "<MY DOMAIN>"] [uri "/admin"] [unique_id "aKZXIhuyN3rtG1JqAGJSbQAAANU"]
  355. [Wed Aug 20 23:15:46.967611 2025] [security2:error] [pid 768:tid 816] [client <MY_IP>:0] ModSecurity: Rule 7027b0f78e68 [id "951210"][file "/etc/modsecurity.d/owasp-crs/rules/RESPONSE-951-DATA-LEAKAGES-SQL.conf"][line "288"] - Execution error - PCRE limits exceeded (-47): (null). [hostname "<MY DOMAIN>"] [uri "/admin"] [unique_id "aKZXIhuyN3rtG1JqAGJSbQAAANU"]
  356. [Wed Aug 20 23:15:46.970365 2025] [security2:error] [pid 768:tid 816] [client <MY_IP>:0] ModSecurity: Rule 7027b0f75f00 [id "951220"][file "/etc/modsecurity.d/owasp-crs/rules/RESPONSE-951-DATA-LEAKAGES-SQL.conf"][line "309"] - Execution error - PCRE limits exceeded (-47): (null). [hostname "<MY DOMAIN>"] [uri "/admin"] [unique_id "aKZXIhuyN3rtG1JqAGJSbQAAANU"]
  357. [Wed Aug 20 23:15:46.982628 2025] [security2:error] [pid 768:tid 816] [client <MY_IP>:0] ModSecurity: Rule 7027b0f61380 [id "951250"][file "/etc/modsecurity.d/owasp-crs/rules/RESPONSE-951-DATA-LEAKAGES-SQL.conf"][line "382"] - Execution error - PCRE limits exceeded (-47): (null). [hostname "<MY DOMAIN>"] [uri "/admin"] [unique_id "aKZXIhuyN3rtG1JqAGJSbQAAANU"]
  358. [Wed Aug 20 23:16:47.409701 2025] [security2:error] [pid 768:tid 812] [client <MY_IP>:0] ModSecurity: Rule 7027b0fa8f00 [id "951190"][file "/etc/modsecurity.d/owasp-crs/rules/RESPONSE-951-DATA-LEAKAGES-SQL.conf"][line "246"] - Execution error - PCRE limits exceeded (-47): (null). [hostname "<MY DOMAIN>"] [uri "/admin"] [unique_id "aKZXXxuyN3rtG1JqAGJSgwAAANE"], referer: https://<MY DOMAIN>/admin/diagnostics
  359. [Wed Aug 20 23:16:47.411500 2025] [security2:error] [pid 768:tid 812] [client <MY_IP>:0] ModSecurity: Rule 7027b0f78e68 [id "951210"][file "/etc/modsecurity.d/owasp-crs/rules/RESPONSE-951-DATA-LEAKAGES-SQL.conf"][line "288"] - Execution error - PCRE limits exceeded (-47): (null). [hostname "<MY DOMAIN>"] [uri "/admin"] [unique_id "aKZXXxuyN3rtG1JqAGJSgwAAANE"], referer: https://<MY DOMAIN>/admin/diagnostics
  360. [Wed Aug 20 23:16:47.414844 2025] [security2:error] [pid 768:tid 812] [client <MY_IP>:0] ModSecurity: Rule 7027b0f75f00 [id "951220"][file "/etc/modsecurity.d/owasp-crs/rules/RESPONSE-951-DATA-LEAKAGES-SQL.conf"][line "309"] - Execution error - PCRE limits exceeded (-47): (null). [hostname "<MY DOMAIN>"] [uri "/admin"] [unique_id "aKZXXxuyN3rtG1JqAGJSgwAAANE"], referer: https://<MY DOMAIN>/admin/diagnostics
  361. [Wed Aug 20 23:16:47.448337 2025] [security2:error] [pid 768:tid 812] [client <MY_IP>:0] ModSecurity: Rule 7027b0f61380 [id "951250"][file "/etc/modsecurity.d/owasp-crs/rules/RESPONSE-951-DATA-LEAKAGES-SQL.conf"][line "382"] - Execution error - PCRE limits exceeded (-47): (null). [hostname "<MY DOMAIN>"] [uri "/admin"] [unique_id "aKZXXxuyN3rtG1JqAGJSgwAAANE"], referer: https://<MY DOMAIN>/admin/diagnostics
  362. [Wed Aug 20 23:20:59.165982 2025] [security2:error] [pid 478:tid 542] [client <MY_IP>:0] ModSecurity: Rule 7027b0fa8f00 [id "951190"][file "/etc/modsecurity.d/owasp-crs/rules/RESPONSE-951-DATA-LEAKAGES-SQL.conf"][line "246"] - Execution error - PCRE limits exceeded (-47): (null). [hostname "<MY DOMAIN>"] [uri "/admin"] [unique_id "aKZYWi3-XjkXRyKUm_0P8wAAAAQ"], referer: https://<MY DOMAIN>/admin
  363. [Wed Aug 20 23:20:59.168156 2025] [security2:error] [pid 478:tid 542] [client <MY_IP>:0] ModSecurity: Rule 7027b0f78e68 [id "951210"][file "/etc/modsecurity.d/owasp-crs/rules/RESPONSE-951-DATA-LEAKAGES-SQL.conf"][line "288"] - Execution error - PCRE limits exceeded (-47): (null). [hostname "<MY DOMAIN>"] [uri "/admin"] [unique_id "aKZYWi3-XjkXRyKUm_0P8wAAAAQ"], referer: https://<MY DOMAIN>/admin
  364. [Wed Aug 20 23:20:59.170452 2025] [security2:error] [pid 478:tid 542] [client <MY_IP>:0] ModSecurity: Rule 7027b0f75f00 [id "951220"][file "/etc/modsecurity.d/owasp-crs/rules/RESPONSE-951-DATA-LEAKAGES-SQL.conf"][line "309"] - Execution error - PCRE limits exceeded (-47): (null). [hostname "<MY DOMAIN>"] [uri "/admin"] [unique_id "aKZYWi3-XjkXRyKUm_0P8wAAAAQ"], referer: https://<MY DOMAIN>/admin
  365. [Wed Aug 20 23:20:59.185806 2025] [security2:error] [pid 478:tid 542] [client <MY_IP>:0] ModSecurity: Rule 7027b0f61380 [id "951250"][file "/etc/modsecurity.d/owasp-crs/rules/RESPONSE-951-DATA-LEAKAGES-SQL.conf"][line "382"] - Execution error - PCRE limits exceeded (-47): (null). [hostname "<MY DOMAIN>"] [uri "/admin"] [unique_id "aKZYWi3-XjkXRyKUm_0P8wAAAAQ"], referer: https://<MY DOMAIN>/admin
  366. [Wed Aug 20 23:22:40.789884 2025] [security2:error] [pid 481:tid 570] [client <MY_IP>:0] ModSecurity: Rule 7027b0fa8f00 [id "951190"][file "/etc/modsecurity.d/owasp-crs/rules/RESPONSE-951-DATA-LEAKAGES-SQL.conf"][line "246"] - Execution error - PCRE limits exceeded (-47): (null). [hostname "<MY DOMAIN>"] [uri "/admin"] [unique_id "aKZYwBGOcExV7TT2MA_e3wAAAEw"], referer: https://<MY DOMAIN>/admin/users/overview
  367. [Wed Aug 20 23:22:40.793137 2025] [security2:error] [pid 481:tid 570] [client <MY_IP>:0] ModSecurity: Rule 7027b0f78e68 [id "951210"][file "/etc/modsecurity.d/owasp-crs/rules/RESPONSE-951-DATA-LEAKAGES-SQL.conf"][line "288"] - Execution error - PCRE limits exceeded (-47): (null). [hostname "<MY DOMAIN>"] [uri "/admin"] [unique_id "aKZYwBGOcExV7TT2MA_e3wAAAEw"], referer: https://<MY DOMAIN>/admin/users/overview
  368. [Wed Aug 20 23:22:40.796445 2025] [security2:error] [pid 481:tid 570] [client <MY_IP>:0] ModSecurity: Rule 7027b0f75f00 [id "951220"][file "/etc/modsecurity.d/owasp-crs/rules/RESPONSE-951-DATA-LEAKAGES-SQL.conf"][line "309"] - Execution error - PCRE limits exceeded (-47): (null). [hostname "<MY DOMAIN>"] [uri "/admin"] [unique_id "aKZYwBGOcExV7TT2MA_e3wAAAEw"], referer: https://<MY DOMAIN>/admin/users/overview
  369. [Wed Aug 20 23:22:40.811579 2025] [security2:error] [pid 481:tid 570] [client <MY_IP>:0] ModSecurity: Rule 7027b0f61380 [id "951250"][file "/etc/modsecurity.d/owasp-crs/rules/RESPONSE-951-DATA-LEAKAGES-SQL.conf"][line "382"] - Execution error - PCRE limits exceeded (-47): (null). [hostname "<MY DOMAIN>"] [uri "/admin"] [unique_id "aKZYwBGOcExV7TT2MA_e3wAAAEw"], referer: https://<MY DOMAIN>/admin/users/overview
  370. [Wed Aug 20 23:25:07.861937 2025] [security2:error] [pid 521:tid 623] [client <MY_IP>:0] ModSecurity: JSON parsing error: More than 1000 JSON keys [hostname "<MY DOMAIN>"] [uri "/api/ciphers/import"] [unique_id "aKZZUyk2bSpaditDfl9TwwAAAIw"], referer: https://<MY DOMAIN>/
  371. [Wed Aug 20 23:25:07.944025 2025] [security2:error] [pid 521:tid 623] [client <MY_IP>:0] ModSecurity: Access denied with code 400 (phase 2). Operator GE matched 1000 at ARGS. [file "/etc/modsecurity.d/modsecurity.conf"] [line "47"] [id "200007"] [msg "Failed to fully parse request body due to large argument count"] [severity "CRITICAL"] [hostname "<MY DOMAIN>"] [uri "/api/ciphers/import"] [unique_id "aKZZUyk2bSpaditDfl9TwwAAAIw"], referer: https://<MY DOMAIN>/
  372. [Wed Aug 20 23:25:31.109722 2025] [security2:error] [pid 768:tid 802] [client <MY_IP>:0] ModSecurity: Rule 7027b0fa8f00 [id "951190"][file "/etc/modsecurity.d/owasp-crs/rules/RESPONSE-951-DATA-LEAKAGES-SQL.conf"][line "246"] - Execution error - PCRE limits exceeded (-47): (null). [hostname "<MY DOMAIN>"] [uri "/admin"] [unique_id "aKZZahuyN3rtG1JqAGJSqgAAAMc"], referer: https://<MY DOMAIN>/admin
  373. [Wed Aug 20 23:25:31.113587 2025] [security2:error] [pid 768:tid 802] [client <MY_IP>:0] ModSecurity: Rule 7027b0f78e68 [id "951210"][file "/etc/modsecurity.d/owasp-crs/rules/RESPONSE-951-DATA-LEAKAGES-SQL.conf"][line "288"] - Execution error - PCRE limits exceeded (-47): (null). [hostname "<MY DOMAIN>"] [uri "/admin"] [unique_id "aKZZahuyN3rtG1JqAGJSqgAAAMc"], referer: https://<MY DOMAIN>/admin
  374. [Wed Aug 20 23:25:31.115547 2025] [security2:error] [pid 768:tid 802] [client <MY_IP>:0] ModSecurity: Rule 7027b0f75f00 [id "951220"][file "/etc/modsecurity.d/owasp-crs/rules/RESPONSE-951-DATA-LEAKAGES-SQL.conf"][line "309"] - Execution error - PCRE limits exceeded (-47): (null). [hostname "<MY DOMAIN>"] [uri "/admin"] [unique_id "aKZZahuyN3rtG1JqAGJSqgAAAMc"], referer: https://<MY DOMAIN>/admin
  375. [Wed Aug 20 23:25:31.132632 2025] [security2:error] [pid 768:tid 802] [client <MY_IP>:0] ModSecurity: Rule 7027b0f61380 [id "951250"][file "/etc/modsecurity.d/owasp-crs/rules/RESPONSE-951-DATA-LEAKAGES-SQL.conf"][line "382"] - Execution error - PCRE limits exceeded (-47): (null). [hostname "<MY DOMAIN>"] [uri "/admin"] [unique_id "aKZZahuyN3rtG1JqAGJSqgAAAMc"], referer: https://<MY DOMAIN>/admin
  376. [Wed Aug 20 23:25:38.893063 2025] [security2:error] [pid 481:tid 580] [client <MY_IP>:0] ModSecurity: Rule 7027b0fa8f00 [id "951190"][file "/etc/modsecurity.d/owasp-crs/rules/RESPONSE-951-DATA-LEAKAGES-SQL.conf"][line "246"] - Execution error - PCRE limits exceeded (-47): (null). [hostname "<MY DOMAIN>"] [uri "/admin"] [unique_id "aKZZchGOcExV7TT2MA_e_QAAAFE"], referer: https://<MY DOMAIN>/admin/diagnostics
  377. [Wed Aug 20 23:25:38.895016 2025] [security2:error] [pid 481:tid 580] [client <MY_IP>:0] ModSecurity: Rule 7027b0f78e68 [id "951210"][file "/etc/modsecurity.d/owasp-crs/rules/RESPONSE-951-DATA-LEAKAGES-SQL.conf"][line "288"] - Execution error - PCRE limits exceeded (-47): (null). [hostname "<MY DOMAIN>"] [uri "/admin"] [unique_id "aKZZchGOcExV7TT2MA_e_QAAAFE"], referer: https://<MY DOMAIN>/admin/diagnostics
  378. [Wed Aug 20 23:25:38.898764 2025] [security2:error] [pid 481:tid 580] [client <MY_IP>:0] ModSecurity: Rule 7027b0f75f00 [id "951220"][file "/etc/modsecurity.d/owasp-crs/rules/RESPONSE-951-DATA-LEAKAGES-SQL.conf"][line "309"] - Execution error - PCRE limits exceeded (-47): (null). [hostname "<MY DOMAIN>"] [uri "/admin"] [unique_id "aKZZchGOcExV7TT2MA_e_QAAAFE"], referer: https://<MY DOMAIN>/admin/diagnostics
  379. [Wed Aug 20 23:25:38.918034 2025] [security2:error] [pid 481:tid 580] [client <MY_IP>:0] ModSecurity: Rule 7027b0f61380 [id "951250"][file "/etc/modsecurity.d/owasp-crs/rules/RESPONSE-951-DATA-LEAKAGES-SQL.conf"][line "382"] - Execution error - PCRE limits exceeded (-47): (null). [hostname "<MY DOMAIN>"] [uri "/admin"] [unique_id "aKZZchGOcExV7TT2MA_e_QAAAFE"], referer: https://<MY DOMAIN>/admin/diagnostics
  380. [Wed Aug 20 23:26:18.297854 2025] [mpm_event:notice] [pid 1:tid 1] AH00492: caught SIGWINCH, shutting down gracefully
  381. [Wed Aug 20 23:26:26.045201 2025] [ssl:error] [pid 1:tid 1] AH02217: ssl_stapling_init_cert: can't retrieve issuer certificate! [subject: OU=MyUnit,O=MyOrg,L=NY,ST=NY,C=US,[email protected],CN=localhost / issuer: OU=MyUnit,O=MyOrg,L=NY,ST=NY,C=US,[email protected],CN=localhost / serial: 14DD414BAD66C4D08788464D7241E29BC412B33E / notbefore: Aug 20 23:26:25 2025 GMT / notafter: Aug 20 23:26:25 2026 GMT]
  382. [Wed Aug 20 23:26:26.045291 2025] [ssl:error] [pid 1:tid 1] AH02604: Unable to configure certificate localhost:8443:0 for stapling
  383. [Wed Aug 20 23:26:26.045373 2025] [security2:notice] [pid 1:tid 1] ModSecurity for Apache/2.9.12 (http://www.modsecurity.org/) configured.
  384. [Wed Aug 20 23:26:26.045380 2025] [security2:notice] [pid 1:tid 1] ModSecurity: APR compiled version="1.7.2"; loaded version="1.7.2"
  385. [Wed Aug 20 23:26:26.045387 2025] [security2:notice] [pid 1:tid 1] ModSecurity: PCRE2 compiled version="10.42 "; loaded version="10.42 2022-12-11"
  386. [Wed Aug 20 23:26:26.045392 2025] [security2:notice] [pid 1:tid 1] ModSecurity: LUA compiled version="Lua 5.3"
  387. [Wed Aug 20 23:26:26.045397 2025] [security2:notice] [pid 1:tid 1] ModSecurity: YAJL compiled version="2.1.0"
  388. [Wed Aug 20 23:26:26.045402 2025] [security2:notice] [pid 1:tid 1] ModSecurity: LIBXML compiled version="2.9.14"
  389. [Wed Aug 20 23:26:26.045407 2025] [security2:notice] [pid 1:tid 1] ModSecurity: Original server signature: Apache/2.4.65 (Unix) OpenSSL/3.0.16
  390. [Wed Aug 20 23:26:26.045412 2025] [security2:notice] [pid 1:tid 1] ModSecurity: Status engine is currently disabled, enable it by set SecStatusEngine to On.
  391. [Wed Aug 20 23:26:26.129911 2025] [ssl:error] [pid 1:tid 1] AH02217: ssl_stapling_init_cert: can't retrieve issuer certificate! [subject: OU=MyUnit,O=MyOrg,L=NY,ST=NY,C=US,[email protected],CN=localhost / issuer: OU=MyUnit,O=MyOrg,L=NY,ST=NY,C=US,[email protected],CN=localhost / serial: 14DD414BAD66C4D08788464D7241E29BC412B33E / notbefore: Aug 20 23:26:25 2025 GMT / notafter: Aug 20 23:26:25 2026 GMT]
  392. [Wed Aug 20 23:26:26.129949 2025] [ssl:error] [pid 1:tid 1] AH02604: Unable to configure certificate localhost:8443:0 for stapling
  393. [Wed Aug 20 23:26:26.141498 2025] [mpm_event:notice] [pid 1:tid 1] AH00489: Apache/2.4.65 (Unix) OpenSSL/3.0.16 Apache configured -- resuming normal operations
  394. [Wed Aug 20 23:26:26.141594 2025] [core:notice] [pid 1:tid 1] AH00094: Command line: 'httpd -D FOREGROUND'
  395. [Wed Aug 20 23:26:56.397663 2025] [security2:error] [pid 528:tid 611] [client <MY_IP>:0] ModSecurity: Rule 7827d2c7ff00 [id "951190"][file "/etc/modsecurity.d/owasp-crs/rules/RESPONSE-951-DATA-LEAKAGES-SQL.conf"][line "246"] - Execution error - PCRE limits exceeded (-47): (null). [hostname "<MY DOMAIN>"] [uri "/admin"] [unique_id "aKZZwHuc_yFnSXpLdvmKJgAAAIA"]
  396. [Wed Aug 20 23:26:56.403638 2025] [security2:error] [pid 528:tid 611] [client <MY_IP>:0] ModSecurity: Rule 7827d2c4fe68 [id "951210"][file "/etc/modsecurity.d/owasp-crs/rules/RESPONSE-951-DATA-LEAKAGES-SQL.conf"][line "288"] - Execution error - PCRE limits exceeded (-47): (null). [hostname "<MY DOMAIN>"] [uri "/admin"] [unique_id "aKZZwHuc_yFnSXpLdvmKJgAAAIA"]
  397. [Wed Aug 20 23:26:56.407813 2025] [security2:error] [pid 528:tid 611] [client <MY_IP>:0] ModSecurity: Rule 7827d2c4cf00 [id "951220"][file "/etc/modsecurity.d/owasp-crs/rules/RESPONSE-951-DATA-LEAKAGES-SQL.conf"][line "309"] - Execution error - PCRE limits exceeded (-47): (null). [hostname "<MY DOMAIN>"] [uri "/admin"] [unique_id "aKZZwHuc_yFnSXpLdvmKJgAAAIA"]
  398. [Wed Aug 20 23:26:56.434376 2025] [security2:error] [pid 528:tid 611] [client <MY_IP>:0] ModSecurity: Rule 7827d2c38380 [id "951250"][file "/etc/modsecurity.d/owasp-crs/rules/RESPONSE-951-DATA-LEAKAGES-SQL.conf"][line "382"] - Execution error - PCRE limits exceeded (-47): (null). [hostname "<MY DOMAIN>"] [uri "/admin"] [unique_id "aKZZwHuc_yFnSXpLdvmKJgAAAIA"]
  399. [Wed Aug 20 23:26:58.298464 2025] [security2:error] [pid 478:tid 530] [client <MY_IP>:0] ModSecurity: Rule 7827d2c7ff00 [id "951190"][file "/etc/modsecurity.d/owasp-crs/rules/RESPONSE-951-DATA-LEAKAGES-SQL.conf"][line "246"] - Execution error - PCRE limits exceeded (-47): (null). [hostname "<MY DOMAIN>"] [uri "/admin"] [unique_id "aKZZwiujG_nQHYOPNGdLhAAAAAI"]
  400. [Wed Aug 20 23:26:58.300477 2025] [security2:error] [pid 478:tid 530] [client <MY_IP>:0] ModSecurity: Rule 7827d2c4fe68 [id "951210"][file "/etc/modsecurity.d/owasp-crs/rules/RESPONSE-951-DATA-LEAKAGES-SQL.conf"][line "288"] - Execution error - PCRE limits exceeded (-47): (null). [hostname "<MY DOMAIN>"] [uri "/admin"] [unique_id "aKZZwiujG_nQHYOPNGdLhAAAAAI"]
  401. [Wed Aug 20 23:26:58.303897 2025] [security2:error] [pid 478:tid 530] [client <MY_IP>:0] ModSecurity: Rule 7827d2c4cf00 [id "951220"][file "/etc/modsecurity.d/owasp-crs/rules/RESPONSE-951-DATA-LEAKAGES-SQL.conf"][line "309"] - Execution error - PCRE limits exceeded (-47): (null). [hostname "<MY DOMAIN>"] [uri "/admin"] [unique_id "aKZZwiujG_nQHYOPNGdLhAAAAAI"]
  402. [Wed Aug 20 23:26:58.321066 2025] [security2:error] [pid 478:tid 530] [client <MY_IP>:0] ModSecurity: Rule 7827d2c38380 [id "951250"][file "/etc/modsecurity.d/owasp-crs/rules/RESPONSE-951-DATA-LEAKAGES-SQL.conf"][line "382"] - Execution error - PCRE limits exceeded (-47): (null). [hostname "<MY DOMAIN>"] [uri "/admin"] [unique_id "aKZZwiujG_nQHYOPNGdLhAAAAAI"]
  403. [Thu Aug 21 06:50:09.072891 2025] [security2:error] [pid 691:tid 737] [client 52.204.92.232:0] ModSecurity: Warning. Matched phrase ".git/" at REQUEST_FILENAME. [file "/etc/modsecurity.d/owasp-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "145"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/4.17.1"] [tag "modsecurity"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "OWASP_CRS/ATTACK-LFI"] [tag "capec/1000/255/153/126"] [hostname "<MY DOMAIN>"] [uri "/.git/config"] [unique_id "aKbBoezKPQteB9ge1xjMlQAAANM"]
  404. [Thu Aug 21 06:50:09.083624 2025] [security2:error] [pid 691:tid 737] [client 52.204.92.232:0] ModSecurity: Warning. Unconditional match in SecAction. [file "/etc/modsecurity.d/owasp-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "98"] [id "980170"] [msg "Anomaly Scores: (Inbound Scores: blocking=5, detection=5, per_pl=5-0-0-0, threshold=10) - (Outbound Scores: blocking=0, detection=0, per_pl=0-0-0-0, threshold=5) - (SQLI=0, XSS=0, RFI=0, LFI=5, RCE=0, PHPI=0, HTTP=0, SESS=0, COMBINED_SCORE=5)"] [ver "OWASP_CRS/4.17.1"] [tag "modsecurity"] [tag "reporting"] [tag "OWASP_CRS"] [hostname "<MY DOMAIN>"] [uri "/.git/config"] [unique_id "aKbBoezKPQteB9ge1xjMlQAAANM"]
  405. [Thu Aug 21 09:16:29.804159 2025] [security2:error] [pid 691:tid 730] [client 20.74.83.27:0] ModSecurity: Warning. Matched phrase ".env" at REQUEST_FILENAME. [file "/etc/modsecurity.d/owasp-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "145"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/4.17.1"] [tag "modsecurity"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "OWASP_CRS/ATTACK-LFI"] [tag "capec/1000/255/153/126"] [hostname "<MY DOMAIN>"] [uri "/.env"] [unique_id "aKbj7ezKPQteB9ge1xjM6gAAAMw"]
  406. [Thu Aug 21 09:16:29.815124 2025] [security2:error] [pid 691:tid 730] [client 20.74.83.27:0] ModSecurity: Warning. Unconditional match in SecAction. [file "/etc/modsecurity.d/owasp-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "98"] [id "980170"] [msg "Anomaly Scores: (Inbound Scores: blocking=5, detection=5, per_pl=5-0-0-0, threshold=10) - (Outbound Scores: blocking=0, detection=0, per_pl=0-0-0-0, threshold=5) - (SQLI=0, XSS=0, RFI=0, LFI=5, RCE=0, PHPI=0, HTTP=0, SESS=0, COMBINED_SCORE=5)"] [ver "OWASP_CRS/4.17.1"] [tag "modsecurity"] [tag "reporting"] [tag "OWASP_CRS"] [hostname "<MY DOMAIN>"] [uri "/.env"] [unique_id "aKbj7ezKPQteB9ge1xjM6gAAAMw"]
  407. [Thu Aug 21 10:33:20.122610 2025] [security2:error] [pid 528:tid 616] [client <MY_IP>:0] ModSecurity: JSON parsing error: More than 1000 JSON keys [hostname "<MY DOMAIN>"] [uri "/api/ciphers/import"] [unique_id "aKb18Huc_yFnSXpLdvmMAwAAAIU"], referer: https://<MY DOMAIN>/
  408. [Thu Aug 21 10:33:20.370672 2025] [security2:error] [pid 528:tid 616] [client <MY_IP>:0] ModSecurity: Access denied with code 400 (phase 2). Operator GE matched 1000 at ARGS. [file "/etc/modsecurity.d/modsecurity.conf"] [line "47"] [id "200007"] [msg "Failed to fully parse request body due to large argument count"] [severity "CRITICAL"] [hostname "<MY DOMAIN>"] [uri "/api/ciphers/import"] [unique_id "aKb18Huc_yFnSXpLdvmMAwAAAIU"], referer: https://<MY DOMAIN>/
  409. [Thu Aug 21 11:25:37.080998 2025] [security2:error] [pid 528:tid 623] [client <MY_IP>:0] ModSecurity: JSON parsing error: More than 1000 JSON keys [hostname "<MY DOMAIN>"] [uri "/api/ciphers/import"] [unique_id "aKcCMXuc_yFnSXpLdvmMLwAAAIw"], referer: https://<MY DOMAIN>/
  410. [Thu Aug 21 11:25:37.333014 2025] [security2:error] [pid 528:tid 623] [client <MY_IP>:0] ModSecurity: Access denied with code 400 (phase 2). Operator GE matched 1000 at ARGS. [file "/etc/modsecurity.d/modsecurity.conf"] [line "47"] [id "200007"] [msg "Failed to fully parse request body due to large argument count"] [severity "CRITICAL"] [hostname "<MY DOMAIN>"] [uri "/api/ciphers/import"] [unique_id "aKcCMXuc_yFnSXpLdvmMLwAAAIw"], referer: https://<MY DOMAIN>/
  411. [Thu Aug 21 17:20:22.531972 2025] [security2:error] [pid 691:tid 738] [client 185.177.72.210:0] ModSecurity: Warning. Matched phrase "config.php" at REQUEST_FILENAME. [file "/etc/modsecurity.d/owasp-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "145"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: config.php found within REQUEST_FILENAME: /private/config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/4.17.1"] [tag "modsecurity"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "OWASP_CRS/ATTACK-LFI"] [tag "capec/1000/255/153/126"] [hostname "<MY DOMAIN>"] [uri "/private/config.php"] [unique_id "aKdVVuzKPQteB9ge1xjOHQAAANQ"]
  412. [Thu Aug 21 17:20:22.539221 2025] [security2:error] [pid 691:tid 738] [client 185.177.72.210:0] ModSecurity: Warning. Unconditional match in SecAction. [file "/etc/modsecurity.d/owasp-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "98"] [id "980170"] [msg "Anomaly Scores: (Inbound Scores: blocking=5, detection=5, per_pl=5-0-0-0, threshold=10) - (Outbound Scores: blocking=0, detection=0, per_pl=0-0-0-0, threshold=5) - (SQLI=0, XSS=0, RFI=0, LFI=5, RCE=0, PHPI=0, HTTP=0, SESS=0, COMBINED_SCORE=5)"] [ver "OWASP_CRS/4.17.1"] [tag "modsecurity"] [tag "reporting"] [tag "OWASP_CRS"] [hostname "<MY DOMAIN>"] [uri "/private/config.php"] [unique_id "aKdVVuzKPQteB9ge1xjOHQAAANQ"]
  413. [Thu Aug 21 17:20:22.590754 2025] [security2:error] [pid 691:tid 735] [client 185.177.72.210:0] ModSecurity: Warning. Matched phrase ".env" at REQUEST_FILENAME. [file "/etc/modsecurity.d/owasp-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "145"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .env found within REQUEST_FILENAME: /web/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/4.17.1"] [tag "modsecurity"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "OWASP_CRS/ATTACK-LFI"] [tag "capec/1000/255/153/126"] [hostname "<MY DOMAIN>"] [uri "/web/.env"] [unique_id "aKdVVuzKPQteB9ge1xjOHgAAANE"]
  414. [Thu Aug 21 17:20:22.600993 2025] [security2:error] [pid 691:tid 735] [client 185.177.72.210:0] ModSecurity: Warning. Unconditional match in SecAction. [file "/etc/modsecurity.d/owasp-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "98"] [id "980170"] [msg "Anomaly Scores: (Inbound Scores: blocking=5, detection=5, per_pl=5-0-0-0, threshold=10) - (Outbound Scores: blocking=0, detection=0, per_pl=0-0-0-0, threshold=5) - (SQLI=0, XSS=0, RFI=0, LFI=5, RCE=0, PHPI=0, HTTP=0, SESS=0, COMBINED_SCORE=5)"] [ver "OWASP_CRS/4.17.1"] [tag "modsecurity"] [tag "reporting"] [tag "OWASP_CRS"] [hostname "<MY DOMAIN>"] [uri "/web/.env"] [unique_id "aKdVVuzKPQteB9ge1xjOHgAAANE"]
  415. [Thu Aug 21 17:20:22.696181 2025] [security2:error] [pid 691:tid 733] [client 185.177.72.210:0] ModSecurity: Warning. Matched phrase ".env" at REQUEST_FILENAME. [file "/etc/modsecurity.d/owasp-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "145"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .env found within REQUEST_FILENAME: /.gitlab-ci/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/4.17.1"] [tag "modsecurity"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "OWASP_CRS/ATTACK-LFI"] [tag "capec/1000/255/153/126"] [hostname "<MY DOMAIN>"] [uri "/.gitlab-ci/.env"] [unique_id "aKdVVuzKPQteB9ge1xjOHwAAAM8"]
  416. [Thu Aug 21 17:20:22.706311 2025] [security2:error] [pid 691:tid 733] [client 185.177.72.210:0] ModSecurity: Warning. Unconditional match in SecAction. [file "/etc/modsecurity.d/owasp-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "98"] [id "980170"] [msg "Anomaly Scores: (Inbound Scores: blocking=5, detection=5, per_pl=5-0-0-0, threshold=10) - (Outbound Scores: blocking=0, detection=0, per_pl=0-0-0-0, threshold=5) - (SQLI=0, XSS=0, RFI=0, LFI=5, RCE=0, PHPI=0, HTTP=0, SESS=0, COMBINED_SCORE=5)"] [ver "OWASP_CRS/4.17.1"] [tag "modsecurity"] [tag "reporting"] [tag "OWASP_CRS"] [hostname "<MY DOMAIN>"] [uri "/.gitlab-ci/.env"] [unique_id "aKdVVuzKPQteB9ge1xjOHwAAAM8"]
  417. [Thu Aug 21 17:20:22.758871 2025] [security2:error] [pid 691:tid 739] [client 185.177.72.210:0] ModSecurity: Warning. Matched phrase "wp-config." at REQUEST_FILENAME. [file "/etc/modsecurity.d/owasp-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "145"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config. found within REQUEST_FILENAME: /wp-config.php.orig"] [severity "CRITICAL"] [ver "OWASP_CRS/4.17.1"] [tag "modsecurity"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "OWASP_CRS/ATTACK-LFI"] [tag "capec/1000/255/153/126"] [hostname "<MY DOMAIN>"] [uri "/wp-config.php.orig"] [unique_id "aKdVVuzKPQteB9ge1xjOIQAAANU"]
  418. [Thu Aug 21 17:20:22.766678 2025] [security2:error] [pid 691:tid 739] [client 185.177.72.210:0] ModSecurity: Warning. Unconditional match in SecAction. [file "/etc/modsecurity.d/owasp-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "98"] [id "980170"] [msg "Anomaly Scores: (Inbound Scores: blocking=5, detection=5, per_pl=5-0-0-0, threshold=10) - (Outbound Scores: blocking=0, detection=0, per_pl=0-0-0-0, threshold=5) - (SQLI=0, XSS=0, RFI=0, LFI=5, RCE=0, PHPI=0, HTTP=0, SESS=0, COMBINED_SCORE=5)"] [ver "OWASP_CRS/4.17.1"] [tag "modsecurity"] [tag "reporting"] [tag "OWASP_CRS"] [hostname "<MY DOMAIN>"] [uri "/wp-config.php.orig"] [unique_id "aKdVVuzKPQteB9ge1xjOIQAAANU"]
  419. [Thu Aug 21 17:20:22.832472 2025] [security2:error] [pid 691:tid 740] [client 185.177.72.210:0] ModSecurity: Warning. Matched phrase ".env" at REQUEST_FILENAME. [file "/etc/modsecurity.d/owasp-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "145"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .env found within REQUEST_FILENAME: /.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/4.17.1"] [tag "modsecurity"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "OWASP_CRS/ATTACK-LFI"] [tag "capec/1000/255/153/126"] [hostname "<MY DOMAIN>"] [uri "/.env.prod"] [unique_id "aKdVVuzKPQteB9ge1xjOIwAAANY"]
  420. [Thu Aug 21 17:20:22.838707 2025] [security2:error] [pid 691:tid 740] [client 185.177.72.210:0] ModSecurity: Warning. Unconditional match in SecAction. [file "/etc/modsecurity.d/owasp-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "98"] [id "980170"] [msg "Anomaly Scores: (Inbound Scores: blocking=5, detection=5, per_pl=5-0-0-0, threshold=10) - (Outbound Scores: blocking=0, detection=0, per_pl=0-0-0-0, threshold=5) - (SQLI=0, XSS=0, RFI=0, LFI=5, RCE=0, PHPI=0, HTTP=0, SESS=0, COMBINED_SCORE=5)"] [ver "OWASP_CRS/4.17.1"] [tag "modsecurity"] [tag "reporting"] [tag "OWASP_CRS"] [hostname "<MY DOMAIN>"] [uri "/.env.prod"] [unique_id "aKdVVuzKPQteB9ge1xjOIwAAANY"]
  421. [Thu Aug 21 17:20:22.854530 2025] [security2:error] [pid 691:tid 742] [client 185.177.72.210:0] ModSecurity: Warning. Matched phrase ".env" at REQUEST_FILENAME. [file "/etc/modsecurity.d/owasp-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "145"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .env found within REQUEST_FILENAME: /config.env"] [severity "CRITICAL"] [ver "OWASP_CRS/4.17.1"] [tag "modsecurity"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "OWASP_CRS/ATTACK-LFI"] [tag "capec/1000/255/153/126"] [hostname "<MY DOMAIN>"] [uri "/config.env"] [unique_id "aKdVVuzKPQteB9ge1xjOJAAAANg"]
  422. [Thu Aug 21 17:20:22.859525 2025] [security2:error] [pid 691:tid 742] [client 185.177.72.210:0] ModSecurity: Warning. Unconditional match in SecAction. [file "/etc/modsecurity.d/owasp-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "98"] [id "980170"] [msg "Anomaly Scores: (Inbound Scores: blocking=5, detection=5, per_pl=5-0-0-0, threshold=10) - (Outbound Scores: blocking=0, detection=0, per_pl=0-0-0-0, threshold=5) - (SQLI=0, XSS=0, RFI=0, LFI=5, RCE=0, PHPI=0, HTTP=0, SESS=0, COMBINED_SCORE=5)"] [ver "OWASP_CRS/4.17.1"] [tag "modsecurity"] [tag "reporting"] [tag "OWASP_CRS"] [hostname "<MY DOMAIN>"] [uri "/config.env"] [unique_id "aKdVVuzKPQteB9ge1xjOJAAAANg"]
  423. [Thu Aug 21 17:20:22.898910 2025] [security2:error] [pid 691:tid 718] [client 185.177.72.210:0] ModSecurity: Warning. Matched phrase "config.php" at REQUEST_FILENAME. [file "/etc/modsecurity.d/owasp-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "145"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: config.php found within REQUEST_FILENAME: /api/config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/4.17.1"] [tag "modsecurity"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "OWASP_CRS/ATTACK-LFI"] [tag "capec/1000/255/153/126"] [hostname "<MY DOMAIN>"] [uri "/api/config.php"] [unique_id "aKdVVuzKPQteB9ge1xjOJgAAAMA"]
  424. [Thu Aug 21 17:20:22.905460 2025] [security2:error] [pid 691:tid 718] [client 185.177.72.210:0] ModSecurity: Warning. Unconditional match in SecAction. [file "/etc/modsecurity.d/owasp-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "98"] [id "980170"] [msg "Anomaly Scores: (Inbound Scores: blocking=5, detection=5, per_pl=5-0-0-0, threshold=10) - (Outbound Scores: blocking=0, detection=0, per_pl=0-0-0-0, threshold=5) - (SQLI=0, XSS=0, RFI=0, LFI=5, RCE=0, PHPI=0, HTTP=0, SESS=0, COMBINED_SCORE=5)"] [ver "OWASP_CRS/4.17.1"] [tag "modsecurity"] [tag "reporting"] [tag "OWASP_CRS"] [hostname "<MY DOMAIN>"] [uri "/api/config.php"] [unique_id "aKdVVuzKPQteB9ge1xjOJgAAAMA"]
  425. [Thu Aug 21 17:20:22.921027 2025] [security2:error] [pid 691:tid 719] [client 185.177.72.210:0] ModSecurity: Warning. String match within ".ani/ .asa/ .asax/ .ascx/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .compositefont/ .config/ .conf/ .crt/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dist/ .dll/ .dos/ .dpkg-dist/ .drv/ .gadget/ .hta/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .inf/ .ini/ .jse/ .key/ .licx/ .lnk/ .log/ .mdb/ .msc/ .ocx/ .old/ .pass/ .pdb/ .pfx/ .pif/ .pem/ .pol/ .prf/ .printer/ .pwd/ .rdb/ .rdp/ .reg/ .resources/ .resx/ .scr/ .sct/ .shs/ .sql/ .swp/ .sys/ .tlb/ .tmp/ .url/ .vb/ .vbe/ .vbs/ .vbproj/ .vsdisco/ .vxd/ .webinfo/ .ws/ .wsc/ .wsf/ .wsh/ .xsd/ .xsx/" at TX:extension. [file "/etc/modsecurity.d/owasp-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1057"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/4.17.1"] [tag "modsecurity"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL-ENFORCEMENT"] [tag "capec [hostname "<MY DOMAIN>"] [uri "/configuration.php.bak"] [unique_id "aKdVVuzKPQteB9ge1xjOJwAAAME"]
  426. [Thu Aug 21 17:20:22.932315 2025] [security2:error] [pid 691:tid 719] [client 185.177.72.210:0] ModSecurity: Warning. Unconditional match in SecAction. [file "/etc/modsecurity.d/owasp-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "98"] [id "980170"] [msg "Anomaly Scores: (Inbound Scores: blocking=5, detection=5, per_pl=5-0-0-0, threshold=10) - (Outbound Scores: blocking=0, detection=0, per_pl=0-0-0-0, threshold=5) - (SQLI=0, XSS=0, RFI=0, LFI=0, RCE=0, PHPI=0, HTTP=0, SESS=0, COMBINED_SCORE=5)"] [ver "OWASP_CRS/4.17.1"] [tag "modsecurity"] [tag "reporting"] [tag "OWASP_CRS"] [hostname "<MY DOMAIN>"] [uri "/configuration.php.bak"] [unique_id "aKdVVuzKPQteB9ge1xjOJwAAAME"]
  427. [Thu Aug 21 17:20:22.957539 2025] [security2:error] [pid 691:tid 721] [client 185.177.72.210:0] ModSecurity: Warning. Matched phrase ".zshenv" at REQUEST_FILENAME. [file "/etc/modsecurity.d/owasp-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "145"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .zshenv found within REQUEST_FILENAME: /.zshenv"] [severity "CRITICAL"] [ver "OWASP_CRS/4.17.1"] [tag "modsecurity"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "OWASP_CRS/ATTACK-LFI"] [tag "capec/1000/255/153/126"] [hostname "<MY DOMAIN>"] [uri "/.zshenv"] [unique_id "aKdVVuzKPQteB9ge1xjOKAAAAMM"]
  428. [Thu Aug 21 17:20:22.965933 2025] [security2:error] [pid 691:tid 721] [client 185.177.72.210:0] ModSecurity: Warning. Unconditional match in SecAction. [file "/etc/modsecurity.d/owasp-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "98"] [id "980170"] [msg "Anomaly Scores: (Inbound Scores: blocking=5, detection=5, per_pl=5-0-0-0, threshold=10) - (Outbound Scores: blocking=0, detection=0, per_pl=0-0-0-0, threshold=5) - (SQLI=0, XSS=0, RFI=0, LFI=5, RCE=0, PHPI=0, HTTP=0, SESS=0, COMBINED_SCORE=5)"] [ver "OWASP_CRS/4.17.1"] [tag "modsecurity"] [tag "reporting"] [tag "OWASP_CRS"] [hostname "<MY DOMAIN>"] [uri "/.zshenv"] [unique_id "aKdVVuzKPQteB9ge1xjOKAAAAMM"]
  429. [Thu Aug 21 17:20:22.982341 2025] [security2:error] [pid 691:tid 722] [client 185.177.72.210:0] ModSecurity: Warning. Matched phrase ".env" at REQUEST_FILENAME. [file "/etc/modsecurity.d/owasp-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "145"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .env found within REQUEST_FILENAME: /.env.prod.local"] [severity "CRITICAL"] [ver "OWASP_CRS/4.17.1"] [tag "modsecurity"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "OWASP_CRS/ATTACK-LFI"] [tag "capec/1000/255/153/126"] [hostname "<MY DOMAIN>"] [uri "/.env.prod.local"] [unique_id "aKdVVuzKPQteB9ge1xjOKQAAAMQ"]
  430. [Thu Aug 21 17:20:22.989014 2025] [security2:error] [pid 691:tid 722] [client 185.177.72.210:0] ModSecurity: Warning. Unconditional match in SecAction. [file "/etc/modsecurity.d/owasp-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "98"] [id "980170"] [msg "Anomaly Scores: (Inbound Scores: blocking=5, detection=5, per_pl=5-0-0-0, threshold=10) - (Outbound Scores: blocking=0, detection=0, per_pl=0-0-0-0, threshold=5) - (SQLI=0, XSS=0, RFI=0, LFI=5, RCE=0, PHPI=0, HTTP=0, SESS=0, COMBINED_SCORE=5)"] [ver "OWASP_CRS/4.17.1"] [tag "modsecurity"] [tag "reporting"] [tag "OWASP_CRS"] [hostname "<MY DOMAIN>"] [uri "/.env.prod.local"] [unique_id "aKdVVuzKPQteB9ge1xjOKQAAAMQ"]
  431. [Thu Aug 21 17:20:23.028633 2025] [security2:error] [pid 691:tid 727] [client 185.177.72.210:0] ModSecurity: Warning. Matched phrase ".env" at REQUEST_FILENAME. [file "/etc/modsecurity.d/owasp-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "145"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .env found within REQUEST_FILENAME: /src/core/tests/dotenv-files/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/4.17.1"] [tag "modsecurity"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "OWASP_CRS/ATTACK-LFI"] [tag "capec/1000/255/153/126"] [hostname "<MY DOMAIN>"] [uri "/src/core/tests/dotenv-files/.env"] [unique_id "aKdVV-zKPQteB9ge1xjOKwAAAMk"]
  432. [Thu Aug 21 17:20:23.035025 2025] [security2:error] [pid 691:tid 727] [client 185.177.72.210:0] ModSecurity: Warning. Unconditional match in SecAction. [file "/etc/modsecurity.d/owasp-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "98"] [id "980170"] [msg "Anomaly Scores: (Inbound Scores: blocking=5, detection=5, per_pl=5-0-0-0, threshold=10) - (Outbound Scores: blocking=0, detection=0, per_pl=0-0-0-0, threshold=5) - (SQLI=0, XSS=0, RFI=0, LFI=5, RCE=0, PHPI=0, HTTP=0, SESS=0, COMBINED_SCORE=5)"] [ver "OWASP_CRS/4.17.1"] [tag "modsecurity"] [tag "reporting"] [tag "OWASP_CRS"] [hostname "<MY DOMAIN>"] [uri "/src/core/tests/dotenv-files/.env"] [unique_id "aKdVV-zKPQteB9ge1xjOKwAAAMk"]
  433. [Thu Aug 21 17:20:23.050616 2025] [security2:error] [pid 691:tid 726] [client 185.177.72.210:0] ModSecurity: Warning. Matched phrase ".env" at REQUEST_FILENAME. [file "/etc/modsecurity.d/owasp-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "145"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .env found within REQUEST_FILENAME: /.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/4.17.1"] [tag "modsecurity"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "OWASP_CRS/ATTACK-LFI"] [tag "capec/1000/255/153/126"] [hostname "<MY DOMAIN>"] [uri "/.env.staging"] [unique_id "aKdVV-zKPQteB9ge1xjOLAAAAMg"]
  434. [Thu Aug 21 17:20:23.055421 2025] [security2:error] [pid 691:tid 726] [client 185.177.72.210:0] ModSecurity: Warning. Unconditional match in SecAction. [file "/etc/modsecurity.d/owasp-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "98"] [id "980170"] [msg "Anomaly Scores: (Inbound Scores: blocking=5, detection=5, per_pl=5-0-0-0, threshold=10) - (Outbound Scores: blocking=0, detection=0, per_pl=0-0-0-0, threshold=5) - (SQLI=0, XSS=0, RFI=0, LFI=5, RCE=0, PHPI=0, HTTP=0, SESS=0, COMBINED_SCORE=5)"] [ver "OWASP_CRS/4.17.1"] [tag "modsecurity"] [tag "reporting"] [tag "OWASP_CRS"] [hostname "<MY DOMAIN>"] [uri "/.env.staging"] [unique_id "aKdVV-zKPQteB9ge1xjOLAAAAMg"]
  435. [Thu Aug 21 17:20:23.072057 2025] [security2:error] [pid 691:tid 724] [client 185.177.72.210:0] ModSecurity: Warning. Matched phrase ".env" at REQUEST_FILENAME. [file "/etc/modsecurity.d/owasp-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "145"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .env found within REQUEST_FILENAME: /kyc/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/4.17.1"] [tag "modsecurity"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "OWASP_CRS/ATTACK-LFI"] [tag "capec/1000/255/153/126"] [hostname "<MY DOMAIN>"] [uri "/kyc/.env"] [unique_id "aKdVV-zKPQteB9ge1xjOLQAAAMY"]
  436. [Thu Aug 21 17:20:23.079588 2025] [security2:error] [pid 691:tid 724] [client 185.177.72.210:0] ModSecurity: Warning. Unconditional match in SecAction. [file "/etc/modsecurity.d/owasp-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "98"] [id "980170"] [msg "Anomaly Scores: (Inbound Scores: blocking=5, detection=5, per_pl=5-0-0-0, threshold=10) - (Outbound Scores: blocking=0, detection=0, per_pl=0-0-0-0, threshold=5) - (SQLI=0, XSS=0, RFI=0, LFI=5, RCE=0, PHPI=0, HTTP=0, SESS=0, COMBINED_SCORE=5)"] [ver "OWASP_CRS/4.17.1"] [tag "modsecurity"] [tag "reporting"] [tag "OWASP_CRS"] [hostname "<MY DOMAIN>"] [uri "/kyc/.env"] [unique_id "aKdVV-zKPQteB9ge1xjOLQAAAMY"]
  437. [Thu Aug 21 17:20:23.097540 2025] [security2:error] [pid 691:tid 723] [client 185.177.72.210:0] ModSecurity: Warning. Matched phrase ".env" at REQUEST_FILENAME. [file "/etc/modsecurity.d/owasp-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "145"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .env found within REQUEST_FILENAME: /development/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/4.17.1"] [tag "modsecurity"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "OWASP_CRS/ATTACK-LFI"] [tag "capec/1000/255/153/126"] [hostname "<MY DOMAIN>"] [uri "/development/.env"] [unique_id "aKdVV-zKPQteB9ge1xjOLgAAAMU"]
  438. [Thu Aug 21 17:20:23.107701 2025] [security2:error] [pid 691:tid 723] [client 185.177.72.210:0] ModSecurity: Warning. Unconditional match in SecAction. [file "/etc/modsecurity.d/owasp-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "98"] [id "980170"] [msg "Anomaly Scores: (Inbound Scores: blocking=5, detection=5, per_pl=5-0-0-0, threshold=10) - (Outbound Scores: blocking=0, detection=0, per_pl=0-0-0-0, threshold=5) - (SQLI=0, XSS=0, RFI=0, LFI=5, RCE=0, PHPI=0, HTTP=0, SESS=0, COMBINED_SCORE=5)"] [ver "OWASP_CRS/4.17.1"] [tag "modsecurity"] [tag "reporting"] [tag "OWASP_CRS"] [hostname "<MY DOMAIN>"] [uri "/development/.env"] [unique_id "aKdVV-zKPQteB9ge1xjOLgAAAMU"]
  439. [Thu Aug 21 17:20:23.123511 2025] [security2:error] [pid 691:tid 730] [client 185.177.72.210:0] ModSecurity: Warning. Matched phrase ".env" at REQUEST_FILENAME. [file "/etc/modsecurity.d/owasp-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "145"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .env found within REQUEST_FILENAME: /apis/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/4.17.1"] [tag "modsecurity"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "OWASP_CRS/ATTACK-LFI"] [tag "capec/1000/255/153/126"] [hostname "<MY DOMAIN>"] [uri "/apis/.env.local"] [unique_id "aKdVV-zKPQteB9ge1xjOLwAAAMw"]
  440. [Thu Aug 21 17:20:23.129035 2025] [security2:error] [pid 691:tid 730] [client 185.177.72.210:0] ModSecurity: Warning. Unconditional match in SecAction. [file "/etc/modsecurity.d/owasp-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "98"] [id "980170"] [msg "Anomaly Scores: (Inbound Scores: blocking=5, detection=5, per_pl=5-0-0-0, threshold=10) - (Outbound Scores: blocking=0, detection=0, per_pl=0-0-0-0, threshold=5) - (SQLI=0, XSS=0, RFI=0, LFI=5, RCE=0, PHPI=0, HTTP=0, SESS=0, COMBINED_SCORE=5)"] [ver "OWASP_CRS/4.17.1"] [tag "modsecurity"] [tag "reporting"] [tag "OWASP_CRS"] [hostname "<MY DOMAIN>"] [uri "/apis/.env.local"] [unique_id "aKdVV-zKPQteB9ge1xjOLwAAAMw"]
  441. [Thu Aug 21 17:20:23.146695 2025] [security2:error] [pid 691:tid 728] [client 185.177.72.210:0] ModSecurity: Warning. Matched phrase "phpinfo" at REQUEST_FILENAME. [file "/etc/modsecurity.d/owasp-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "339"] [id "933150"] [msg "PHP Injection Attack: High-Risk PHP Function Name Found"] [data "Matched Data: phpinfo found within REQUEST_FILENAME: /phpinfodev.php"] [severity "CRITICAL"] [ver "OWASP_CRS/4.17.1"] [tag "modsecurity"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "OWASP_CRS/ATTACK-PHP"] [tag "capec/1000/152/242"] [hostname "<MY DOMAIN>"] [uri "/phpinfodev.php"] [unique_id "aKdVV-zKPQteB9ge1xjOMAAAAMo"]
  442. [Thu Aug 21 17:20:23.150420 2025] [security2:error] [pid 691:tid 728] [client 185.177.72.210:0] ModSecurity: Warning. Unconditional match in SecAction. [file "/etc/modsecurity.d/owasp-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "98"] [id "980170"] [msg "Anomaly Scores: (Inbound Scores: blocking=5, detection=5, per_pl=5-0-0-0, threshold=10) - (Outbound Scores: blocking=0, detection=0, per_pl=0-0-0-0, threshold=5) - (SQLI=0, XSS=0, RFI=0, LFI=0, RCE=0, PHPI=5, HTTP=0, SESS=0, COMBINED_SCORE=5)"] [ver "OWASP_CRS/4.17.1"] [tag "modsecurity"] [tag "reporting"] [tag "OWASP_CRS"] [hostname "<MY DOMAIN>"] [uri "/phpinfodev.php"] [unique_id "aKdVV-zKPQteB9ge1xjOMAAAAMo"]
  443. [Thu Aug 21 17:20:23.170015 2025] [security2:error] [pid 691:tid 729] [client 185.177.72.210:0] ModSecurity: Warning. Matched phrase ".env" at REQUEST_FILENAME. [file "/etc/modsecurity.d/owasp-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "145"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/4.17.1"] [tag "modsecurity"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "OWASP_CRS/ATTACK-LFI"] [tag "capec/1000/255/153/126"] [hostname "<MY DOMAIN>"] [uri "/.env.local"] [unique_id "aKdVV-zKPQteB9ge1xjOMQAAAMs"]
  444. [Thu Aug 21 17:20:23.180891 2025] [security2:error] [pid 691:tid 729] [client 185.177.72.210:0] ModSecurity: Warning. Unconditional match in SecAction. [file "/etc/modsecurity.d/owasp-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "98"] [id "980170"] [msg "Anomaly Scores: (Inbound Scores: blocking=5, detection=5, per_pl=5-0-0-0, threshold=10) - (Outbound Scores: blocking=0, detection=0, per_pl=0-0-0-0, threshold=5) - (SQLI=0, XSS=0, RFI=0, LFI=5, RCE=0, PHPI=0, HTTP=0, SESS=0, COMBINED_SCORE=5)"] [ver "OWASP_CRS/4.17.1"] [tag "modsecurity"] [tag "reporting"] [tag "OWASP_CRS"] [hostname "<MY DOMAIN>"] [uri "/.env.local"] [unique_id "aKdVV-zKPQteB9ge1xjOMQAAAMs"]
  445. [Thu Aug 21 17:20:23.198308 2025] [security2:error] [pid 691:tid 731] [client 185.177.72.210:0] ModSecurity: Warning. Matched phrase ".env" at REQUEST_FILENAME. [file "/etc/modsecurity.d/owasp-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "145"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .env found within REQUEST_FILENAME: /.env_old"] [severity "CRITICAL"] [ver "OWASP_CRS/4.17.1"] [tag "modsecurity"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "OWASP_CRS/ATTACK-LFI"] [tag "capec/1000/255/153/126"] [hostname "<MY DOMAIN>"] [uri "/.env_old"] [unique_id "aKdVV-zKPQteB9ge1xjOMgAAAM0"]
  446. [Thu Aug 21 17:20:23.206274 2025] [security2:error] [pid 691:tid 731] [client 185.177.72.210:0] ModSecurity: Warning. Unconditional match in SecAction. [file "/etc/modsecurity.d/owasp-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "98"] [id "980170"] [msg "Anomaly Scores: (Inbound Scores: blocking=5, detection=5, per_pl=5-0-0-0, threshold=10) - (Outbound Scores: blocking=0, detection=0, per_pl=0-0-0-0, threshold=5) - (SQLI=0, XSS=0, RFI=0, LFI=5, RCE=0, PHPI=0, HTTP=0, SESS=0, COMBINED_SCORE=5)"] [ver "OWASP_CRS/4.17.1"] [tag "modsecurity"] [tag "reporting"] [tag "OWASP_CRS"] [hostname "<MY DOMAIN>"] [uri "/.env_old"] [unique_id "aKdVV-zKPQteB9ge1xjOMgAAAM0"]
  447. [Thu Aug 21 17:20:23.223706 2025] [security2:error] [pid 691:tid 734] [client 185.177.72.210:0] ModSecurity: Warning. Matched phrase "compose.yml" at REQUEST_FILENAME. [file "/etc/modsecurity.d/owasp-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "145"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: compose.yml found within REQUEST_FILENAME: /docker-compose.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/4.17.1"] [tag "modsecurity"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "OWASP_CRS/ATTACK-LFI"] [tag "capec/1000/255/153/126"] [hostname "<MY DOMAIN>"] [uri "/docker-compose.yml"] [unique_id "aKdVV-zKPQteB9ge1xjOMwAAANA"]
  448. [Thu Aug 21 17:20:23.231820 2025] [security2:error] [pid 691:tid 734] [client 185.177.72.210:0] ModSecurity: Warning. Unconditional match in SecAction. [file "/etc/modsecurity.d/owasp-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "98"] [id "980170"] [msg "Anomaly Scores: (Inbound Scores: blocking=5, detection=5, per_pl=5-0-0-0, threshold=10) - (Outbound Scores: blocking=0, detection=0, per_pl=0-0-0-0, threshold=5) - (SQLI=0, XSS=0, RFI=0, LFI=5, RCE=0, PHPI=0, HTTP=0, SESS=0, COMBINED_SCORE=5)"] [ver "OWASP_CRS/4.17.1"] [tag "modsecurity"] [tag "reporting"] [tag "OWASP_CRS"] [hostname "<MY DOMAIN>"] [uri "/docker-compose.yml"] [unique_id "aKdVV-zKPQteB9ge1xjOMwAAANA"]
  449. [Thu Aug 21 17:20:23.249156 2025] [security2:error] [pid 691:tid 732] [client 185.177.72.210:0] ModSecurity: Warning. Matched phrase "phpinfo.php" at REQUEST_FILENAME. [file "/etc/modsecurity.d/owasp-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "145"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: phpinfo.php found within REQUEST_FILENAME: /local-phpinfo.php"] [severity "CRITICAL"] [ver "OWASP_CRS/4.17.1"] [tag "modsecurity"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "OWASP_CRS/ATTACK-LFI"] [tag "capec/1000/255/153/126"] [hostname "<MY DOMAIN>"] [uri "/local-phpinfo.php"] [unique_id "aKdVV-zKPQteB9ge1xjONAAAAM4"]
  450. [Thu Aug 21 17:20:23.251640 2025] [security2:error] [pid 691:tid 732] [client 185.177.72.210:0] ModSecurity: Warning. Matched phrase "phpinfo" at REQUEST_FILENAME. [file "/etc/modsecurity.d/owasp-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "339"] [id "933150"] [msg "PHP Injection Attack: High-Risk PHP Function Name Found"] [data "Matched Data: phpinfo found within REQUEST_FILENAME: /local-phpinfo.php"] [severity "CRITICAL"] [ver "OWASP_CRS/4.17.1"] [tag "modsecurity"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "OWASP_CRS/ATTACK-PHP"] [tag "capec/1000/152/242"] [hostname "<MY DOMAIN>"] [uri "/local-phpinfo.php"] [unique_id "aKdVV-zKPQteB9ge1xjONAAAAM4"]
  451. [Thu Aug 21 17:20:23.254140 2025] [security2:error] [pid 691:tid 732] [client 185.177.72.210:0] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 10 at TX:blocking_inbound_anomaly_score. [file "/etc/modsecurity.d/owasp-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "233"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [ver "OWASP_CRS/4.17.1"] [tag "modsecurity"] [tag "anomaly-evaluation"] [tag "OWASP_CRS"] [hostname "<MY DOMAIN>"] [uri "/local-phpinfo.php"] [unique_id "aKdVV-zKPQteB9ge1xjONAAAAM4"]
  452. [Thu Aug 21 17:20:23.254719 2025] [security2:error] [pid 691:tid 732] [client 185.177.72.210:0] ModSecurity: Warning. Unconditional match in SecAction. [file "/etc/modsecurity.d/owasp-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "98"] [id "980170"] [msg "Anomaly Scores: (Inbound Scores: blocking=10, detection=10, per_pl=10-0-0-0, threshold=10) - (Outbound Scores: blocking=0, detection=0, per_pl=0-0-0-0, threshold=5) - (SQLI=0, XSS=0, RFI=0, LFI=5, RCE=0, PHPI=5, HTTP=0, SESS=0, COMBINED_SCORE=10)"] [ver "OWASP_CRS/4.17.1"] [tag "modsecurity"] [tag "reporting"] [tag "OWASP_CRS"] [hostname "<MY DOMAIN>"] [uri "/local-phpinfo.php"] [unique_id "aKdVV-zKPQteB9ge1xjONAAAAM4"]
  453. [Thu Aug 21 17:20:23.272343 2025] [security2:error] [pid 691:tid 737] [client 185.177.72.210:0] ModSecurity: Warning. Matched phrase "wp-config." at REQUEST_FILENAME. [file "/etc/modsecurity.d/owasp-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "145"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config. found within REQUEST_FILENAME: /wp-config.wp-config.php.swo"] [severity "CRITICAL"] [ver "OWASP_CRS/4.17.1"] [tag "modsecurity"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "OWASP_CRS/ATTACK-LFI"] [tag "capec/1000/255/153/126"] [hostname "<MY DOMAIN>"] [uri "/wp-config.wp-config.php.swo"] [unique_id "aKdVV-zKPQteB9ge1xjONQAAANM"]
  454. [Thu Aug 21 17:20:23.282451 2025] [security2:error] [pid 691:tid 737] [client 185.177.72.210:0] ModSecurity: Warning. Unconditional match in SecAction. [file "/etc/modsecurity.d/owasp-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "98"] [id "980170"] [msg "Anomaly Scores: (Inbound Scores: blocking=5, detection=5, per_pl=5-0-0-0, threshold=10) - (Outbound Scores: blocking=0, detection=0, per_pl=0-0-0-0, threshold=5) - (SQLI=0, XSS=0, RFI=0, LFI=5, RCE=0, PHPI=0, HTTP=0, SESS=0, COMBINED_SCORE=5)"] [ver "OWASP_CRS/4.17.1"] [tag "modsecurity"] [tag "reporting"] [tag "OWASP_CRS"] [hostname "<MY DOMAIN>"] [uri "/wp-config.wp-config.php.swo"] [unique_id "aKdVV-zKPQteB9ge1xjONQAAANM"]
  455. [Thu Aug 21 17:20:23.300908 2025] [security2:error] [pid 691:tid 738] [client 185.177.72.210:0] ModSecurity: Warning. Matched phrase ".env" at REQUEST_FILENAME. [file "/etc/modsecurity.d/owasp-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "145"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .env found within REQUEST_FILENAME: /.env.2"] [severity "CRITICAL"] [ver "OWASP_CRS/4.17.1"] [tag "modsecurity"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "OWASP_CRS/ATTACK-LFI"] [tag "capec/1000/255/153/126"] [hostname "<MY DOMAIN>"] [uri "/.env.2"] [unique_id "aKdVV-zKPQteB9ge1xjONgAAANQ"]
  456. [Thu Aug 21 17:20:23.311810 2025] [security2:error] [pid 691:tid 738] [client 185.177.72.210:0] ModSecurity: Warning. Unconditional match in SecAction. [file "/etc/modsecurity.d/owasp-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "98"] [id "980170"] [msg "Anomaly Scores: (Inbound Scores: blocking=5, detection=5, per_pl=5-0-0-0, threshold=10) - (Outbound Scores: blocking=0, detection=0, per_pl=0-0-0-0, threshold=5) - (SQLI=0, XSS=0, RFI=0, LFI=5, RCE=0, PHPI=0, HTTP=0, SESS=0, COMBINED_SCORE=5)"] [ver "OWASP_CRS/4.17.1"] [tag "modsecurity"] [tag "reporting"] [tag "OWASP_CRS"] [hostname "<MY DOMAIN>"] [uri "/.env.2"] [unique_id "aKdVV-zKPQteB9ge1xjONgAAANQ"]
  457. [Thu Aug 21 17:20:23.328681 2025] [security2:error] [pid 691:tid 735] [client 185.177.72.210:0] ModSecurity: Warning. Matched phrase ".env" at REQUEST_FILENAME. [file "/etc/modsecurity.d/owasp-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "145"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .env found within REQUEST_FILENAME: /.env.production.local"] [severity "CRITICAL"] [ver "OWASP_CRS/4.17.1"] [tag "modsecurity"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "OWASP_CRS/ATTACK-LFI"] [tag "capec/1000/255/153/126"] [hostname "<MY DOMAIN>"] [uri "/.env.production.local"] [unique_id "aKdVV-zKPQteB9ge1xjONwAAANE"]
  458. [Thu Aug 21 17:20:23.338945 2025] [security2:error] [pid 691:tid 735] [client 185.177.72.210:0] ModSecurity: Warning. Unconditional match in SecAction. [file "/etc/modsecurity.d/owasp-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "98"] [id "980170"] [msg "Anomaly Scores: (Inbound Scores: blocking=5, detection=5, per_pl=5-0-0-0, threshold=10) - (Outbound Scores: blocking=0, detection=0, per_pl=0-0-0-0, threshold=5) - (SQLI=0, XSS=0, RFI=0, LFI=5, RCE=0, PHPI=0, HTTP=0, SESS=0, COMBINED_SCORE=5)"] [ver "OWASP_CRS/4.17.1"] [tag "modsecurity"] [tag "reporting"] [tag "OWASP_CRS"] [hostname "<MY DOMAIN>"] [uri "/.env.production.local"] [unique_id "aKdVV-zKPQteB9ge1xjONwAAANE"]
  459. [Thu Aug 21 17:20:23.362599 2025] [security2:error] [pid 691:tid 733] [client 185.177.72.210:0] ModSecurity: Warning. Matched phrase "phpinfo.php" at REQUEST_FILENAME. [file "/etc/modsecurity.d/owasp-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "145"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: phpinfo.php found within REQUEST_FILENAME: /phpcustom_info/phpinfo.php"] [severity "CRITICAL"] [ver "OWASP_CRS/4.17.1"] [tag "modsecurity"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "OWASP_CRS/ATTACK-LFI"] [tag "capec/1000/255/153/126"] [hostname "<MY DOMAIN>"] [uri "/phpcustom_info/phpinfo.php"] [unique_id "aKdVV-zKPQteB9ge1xjOOAAAAM8"]
  460. [Thu Aug 21 17:20:23.364666 2025] [security2:error] [pid 691:tid 733] [client 185.177.72.210:0] ModSecurity: Warning. Matched phrase "phpinfo" at REQUEST_FILENAME. [file "/etc/modsecurity.d/owasp-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "339"] [id "933150"] [msg "PHP Injection Attack: High-Risk PHP Function Name Found"] [data "Matched Data: phpinfo found within REQUEST_FILENAME: /phpcustom_info/phpinfo.php"] [severity "CRITICAL"] [ver "OWASP_CRS/4.17.1"] [tag "modsecurity"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "OWASP_CRS/ATTACK-PHP"] [tag "capec/1000/152/242"] [hostname "<MY DOMAIN>"] [uri "/phpcustom_info/phpinfo.php"] [unique_id "aKdVV-zKPQteB9ge1xjOOAAAAM8"]
  461. [Thu Aug 21 17:20:23.367852 2025] [security2:error] [pid 691:tid 733] [client 185.177.72.210:0] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 10 at TX:blocking_inbound_anomaly_score. [file "/etc/modsecurity.d/owasp-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "233"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [ver "OWASP_CRS/4.17.1"] [tag "modsecurity"] [tag "anomaly-evaluation"] [tag "OWASP_CRS"] [hostname "<MY DOMAIN>"] [uri "/phpcustom_info/phpinfo.php"] [unique_id "aKdVV-zKPQteB9ge1xjOOAAAAM8"]
  462. [Thu Aug 21 17:20:23.368783 2025] [security2:error] [pid 691:tid 733] [client 185.177.72.210:0] ModSecurity: Warning. Unconditional match in SecAction. [file "/etc/modsecurity.d/owasp-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "98"] [id "980170"] [msg "Anomaly Scores: (Inbound Scores: blocking=10, detection=10, per_pl=10-0-0-0, threshold=10) - (Outbound Scores: blocking=0, detection=0, per_pl=0-0-0-0, threshold=5) - (SQLI=0, XSS=0, RFI=0, LFI=5, RCE=0, PHPI=5, HTTP=0, SESS=0, COMBINED_SCORE=10)"] [ver "OWASP_CRS/4.17.1"] [tag "modsecurity"] [tag "reporting"] [tag "OWASP_CRS"] [hostname "<MY DOMAIN>"] [uri "/phpcustom_info/phpinfo.php"] [unique_id "aKdVV-zKPQteB9ge1xjOOAAAAM8"]
  463. [Thu Aug 21 17:20:23.387834 2025] [security2:error] [pid 691:tid 741] [client 185.177.72.210:0] ModSecurity: Warning. Matched phrase ".env" at REQUEST_FILENAME. [file "/etc/modsecurity.d/owasp-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "145"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .env found within REQUEST_FILENAME: /resources/docker/rediscommander/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/4.17.1"] [tag "modsecurity"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "OWASP_CRS/ATTACK-LFI"] [tag "capec/1000/255/153/126"] [hostname "<MY DOMAIN>"] [uri "/resources/docker/rediscommander/.env"] [unique_id "aKdVV-zKPQteB9ge1xjOOQAAANc"]
  464. [Thu Aug 21 17:20:23.398712 2025] [security2:error] [pid 691:tid 741] [client 185.177.72.210:0] ModSecurity: Warning. Unconditional match in SecAction. [file "/etc/modsecurity.d/owasp-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "98"] [id "980170"] [msg "Anomaly Scores: (Inbound Scores: blocking=5, detection=5, per_pl=5-0-0-0, threshold=10) - (Outbound Scores: blocking=0, detection=0, per_pl=0-0-0-0, threshold=5) - (SQLI=0, XSS=0, RFI=0, LFI=5, RCE=0, PHPI=0, HTTP=0, SESS=0, COMBINED_SCORE=5)"] [ver "OWASP_CRS/4.17.1"] [tag "modsecurity"] [tag "reporting"] [tag "OWASP_CRS"] [hostname "<MY DOMAIN>"] [uri "/resources/docker/rediscommander/.env"] [unique_id "aKdVV-zKPQteB9ge1xjOOQAAANc"]
  465. [Thu Aug 21 17:20:23.440999 2025] [security2:error] [pid 691:tid 736] [client 185.177.72.210:0] ModSecurity: Warning. Matched phrase "phpinfo.php" at REQUEST_FILENAME. [file "/etc/modsecurity.d/owasp-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "145"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: phpinfo.php found within REQUEST_FILENAME: /help/phpinfo.php"] [severity "CRITICAL"] [ver "OWASP_CRS/4.17.1"] [tag "modsecurity"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "OWASP_CRS/ATTACK-LFI"] [tag "capec/1000/255/153/126"] [hostname "<MY DOMAIN>"] [uri "/help/phpinfo.php"] [unique_id "aKdVV-zKPQteB9ge1xjOOwAAANI"]
  466. [Thu Aug 21 17:20:23.443794 2025] [security2:error] [pid 691:tid 736] [client 185.177.72.210:0] ModSecurity: Warning. Matched phrase "phpinfo" at REQUEST_FILENAME. [file "/etc/modsecurity.d/owasp-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "339"] [id "933150"] [msg "PHP Injection Attack: High-Risk PHP Function Name Found"] [data "Matched Data: phpinfo found within REQUEST_FILENAME: /help/phpinfo.php"] [severity "CRITICAL"] [ver "OWASP_CRS/4.17.1"] [tag "modsecurity"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "OWASP_CRS/ATTACK-PHP"] [tag "capec/1000/152/242"] [hostname "<MY DOMAIN>"] [uri "/help/phpinfo.php"] [unique_id "aKdVV-zKPQteB9ge1xjOOwAAANI"]
  467. [Thu Aug 21 17:20:23.445217 2025] [security2:error] [pid 691:tid 736] [client 185.177.72.210:0] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 10 at TX:blocking_inbound_anomaly_score. [file "/etc/modsecurity.d/owasp-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "233"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [ver "OWASP_CRS/4.17.1"] [tag "modsecurity"] [tag "anomaly-evaluation"] [tag "OWASP_CRS"] [hostname "<MY DOMAIN>"] [uri "/help/phpinfo.php"] [unique_id "aKdVV-zKPQteB9ge1xjOOwAAANI"]
  468. [Thu Aug 21 17:20:23.446304 2025] [security2:error] [pid 691:tid 736] [client 185.177.72.210:0] ModSecurity: Warning. Unconditional match in SecAction. [file "/etc/modsecurity.d/owasp-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "98"] [id "980170"] [msg "Anomaly Scores: (Inbound Scores: blocking=10, detection=10, per_pl=10-0-0-0, threshold=10) - (Outbound Scores: blocking=0, detection=0, per_pl=0-0-0-0, threshold=5) - (SQLI=0, XSS=0, RFI=0, LFI=5, RCE=0, PHPI=5, HTTP=0, SESS=0, COMBINED_SCORE=10)"] [ver "OWASP_CRS/4.17.1"] [tag "modsecurity"] [tag "reporting"] [tag "OWASP_CRS"] [hostname "<MY DOMAIN>"] [uri "/help/phpinfo.php"] [unique_id "aKdVV-zKPQteB9ge1xjOOwAAANI"]
  469. [Thu Aug 21 17:20:23.465587 2025] [security2:error] [pid 691:tid 740] [client 185.177.72.210:0] ModSecurity: Warning. Matched phrase "phpinfo" at REQUEST_FILENAME. [file "/etc/modsecurity.d/owasp-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "339"] [id "933150"] [msg "PHP Injection Attack: High-Risk PHP Function Name Found"] [data "Matched Data: phpinfo found within REQUEST_FILENAME: /symfony/_profiler/phpinfo"] [severity "CRITICAL"] [ver "OWASP_CRS/4.17.1"] [tag "modsecurity"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "OWASP_CRS/ATTACK-PHP"] [tag "capec/1000/152/242"] [hostname "<MY DOMAIN>"] [uri "/symfony/_profiler/phpinfo"] [unique_id "aKdVV-zKPQteB9ge1xjOPAAAANY"]
  470. [Thu Aug 21 17:20:23.471449 2025] [security2:error] [pid 691:tid 740] [client 185.177.72.210:0] ModSecurity: Warning. Unconditional match in SecAction. [file "/etc/modsecurity.d/owasp-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "98"] [id "980170"] [msg "Anomaly Scores: (Inbound Scores: blocking=5, detection=5, per_pl=5-0-0-0, threshold=10) - (Outbound Scores: blocking=0, detection=0, per_pl=0-0-0-0, threshold=5) - (SQLI=0, XSS=0, RFI=0, LFI=0, RCE=0, PHPI=5, HTTP=0, SESS=0, COMBINED_SCORE=5)"] [ver "OWASP_CRS/4.17.1"] [tag "modsecurity"] [tag "reporting"] [tag "OWASP_CRS"] [hostname "<MY DOMAIN>"] [uri "/symfony/_profiler/phpinfo"] [unique_id "aKdVV-zKPQteB9ge1xjOPAAAANY"]
  471. [Thu Aug 21 17:20:36.290680 2025] [security2:error] [pid 528:tid 630] [client 185.177.72.210:0] ModSecurity: Warning. Matched phrase ".env" at REQUEST_FILENAME. [file "/etc/modsecurity.d/owasp-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "145"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/4.17.1"] [tag "modsecurity"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "OWASP_CRS/ATTACK-LFI"] [tag "capec/1000/255/153/126"] [hostname "<MY DOMAIN>"] [uri "/.env.example"] [unique_id "aKdVZHuc_yFnSXpLdvmNEAAAAJM"]
  472. [Thu Aug 21 17:20:36.300297 2025] [security2:error] [pid 528:tid 630] [client 185.177.72.210:0] ModSecurity: Warning. Unconditional match in SecAction. [file "/etc/modsecurity.d/owasp-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "98"] [id "980170"] [msg "Anomaly Scores: (Inbound Scores: blocking=5, detection=5, per_pl=5-0-0-0, threshold=10) - (Outbound Scores: blocking=0, detection=0, per_pl=0-0-0-0, threshold=5) - (SQLI=0, XSS=0, RFI=0, LFI=5, RCE=0, PHPI=0, HTTP=0, SESS=0, COMBINED_SCORE=5)"] [ver "OWASP_CRS/4.17.1"] [tag "modsecurity"] [tag "reporting"] [tag "OWASP_CRS"] [hostname "<MY DOMAIN>"] [uri "/.env.example"] [unique_id "aKdVZHuc_yFnSXpLdvmNEAAAAJM"]
  473. [Thu Aug 21 17:20:36.344142 2025] [security2:error] [pid 528:tid 624] [client 185.177.72.210:0] ModSecurity: Warning. Matched phrase "phpinfo" at REQUEST_FILENAME. [file "/etc/modsecurity.d/owasp-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "339"] [id "933150"] [msg "PHP Injection Attack: High-Risk PHP Function Name Found"] [data "Matched Data: phpinfo found within REQUEST_FILENAME: /phpinfo3.php"] [severity "CRITICAL"] [ver "OWASP_CRS/4.17.1"] [tag "modsecurity"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "OWASP_CRS/ATTACK-PHP"] [tag "capec/1000/152/242"] [hostname "<MY DOMAIN>"] [uri "/phpinfo3.php"] [unique_id "aKdVZHuc_yFnSXpLdvmNEgAAAI0"]
  474. [Thu Aug 21 17:20:36.350599 2025] [security2:error] [pid 528:tid 624] [client 185.177.72.210:0] ModSecurity: Warning. Unconditional match in SecAction. [file "/etc/modsecurity.d/owasp-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "98"] [id "980170"] [msg "Anomaly Scores: (Inbound Scores: blocking=5, detection=5, per_pl=5-0-0-0, threshold=10) - (Outbound Scores: blocking=0, detection=0, per_pl=0-0-0-0, threshold=5) - (SQLI=0, XSS=0, RFI=0, LFI=0, RCE=0, PHPI=5, HTTP=0, SESS=0, COMBINED_SCORE=5)"] [ver "OWASP_CRS/4.17.1"] [tag "modsecurity"] [tag "reporting"] [tag "OWASP_CRS"] [hostname "<MY DOMAIN>"] [uri "/phpinfo3.php"] [unique_id "aKdVZHuc_yFnSXpLdvmNEgAAAI0"]
  475. [Thu Aug 21 17:20:36.368853 2025] [security2:error] [pid 528:tid 629] [client 185.177.72.210:0] ModSecurity: Warning. Matched phrase "database.yml" at REQUEST_FILENAME. [file "/etc/modsecurity.d/owasp-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "145"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: database.yml found within REQUEST_FILENAME: /database.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/4.17.1"] [tag "modsecurity"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "OWASP_CRS/ATTACK-LFI"] [tag "capec/1000/255/153/126"] [hostname "<MY DOMAIN>"] [uri "/database.yml"] [unique_id "aKdVZHuc_yFnSXpLdvmNEwAAAJI"]
  476. [Thu Aug 21 17:20:36.379936 2025] [security2:error] [pid 528:tid 629] [client 185.177.72.210:0] ModSecurity: Warning. Unconditional match in SecAction. [file "/etc/modsecurity.d/owasp-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "98"] [id "980170"] [msg "Anomaly Scores: (Inbound Scores: blocking=5, detection=5, per_pl=5-0-0-0, threshold=10) - (Outbound Scores: blocking=0, detection=0, per_pl=0-0-0-0, threshold=5) - (SQLI=0, XSS=0, RFI=0, LFI=5, RCE=0, PHPI=0, HTTP=0, SESS=0, COMBINED_SCORE=5)"] [ver "OWASP_CRS/4.17.1"] [tag "modsecurity"] [tag "reporting"] [tag "OWASP_CRS"] [hostname "<MY DOMAIN>"] [uri "/database.yml"] [unique_id "aKdVZHuc_yFnSXpLdvmNEwAAAJI"]
  477. [Thu Aug 21 17:20:36.396777 2025] [security2:error] [pid 528:tid 632] [client 185.177.72.210:0] ModSecurity: Warning. Matched phrase ".env" at REQUEST_FILENAME. [file "/etc/modsecurity.d/owasp-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "145"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .env found within REQUEST_FILENAME: /laravel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/4.17.1"] [tag "modsecurity"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "OWASP_CRS/ATTACK-LFI"] [tag "capec/1000/255/153/126"] [hostname "<MY DOMAIN>"] [uri "/laravel/.env"] [unique_id "aKdVZHuc_yFnSXpLdvmNFAAAAJU"]
  478. [Thu Aug 21 17:20:36.405623 2025] [security2:error] [pid 528:tid 632] [client 185.177.72.210:0] ModSecurity: Warning. Unconditional match in SecAction. [file "/etc/modsecurity.d/owasp-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "98"] [id "980170"] [msg "Anomaly Scores: (Inbound Scores: blocking=5, detection=5, per_pl=5-0-0-0, threshold=10) - (Outbound Scores: blocking=0, detection=0, per_pl=0-0-0-0, threshold=5) - (SQLI=0, XSS=0, RFI=0, LFI=5, RCE=0, PHPI=0, HTTP=0, SESS=0, COMBINED_SCORE=5)"] [ver "OWASP_CRS/4.17.1"] [tag "modsecurity"] [tag "reporting"] [tag "OWASP_CRS"] [hostname "<MY DOMAIN>"] [uri "/laravel/.env"] [unique_id "aKdVZHuc_yFnSXpLdvmNFAAAAJU"]
  479. [Thu Aug 21 17:20:36.422801 2025] [security2:error] [pid 528:tid 635] [client 185.177.72.210:0] ModSecurity: Warning. Matched phrase ".env" at REQUEST_FILENAME. [file "/etc/modsecurity.d/owasp-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "145"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .env found within REQUEST_FILENAME: /crm/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/4.17.1"] [tag "modsecurity"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "OWASP_CRS/ATTACK-LFI"] [tag "capec/1000/255/153/126"] [hostname "<MY DOMAIN>"] [uri "/crm/.env"] [unique_id "aKdVZHuc_yFnSXpLdvmNFQAAAJg"]
  480. [Thu Aug 21 17:20:36.431747 2025] [security2:error] [pid 528:tid 635] [client 185.177.72.210:0] ModSecurity: Warning. Unconditional match in SecAction. [file "/etc/modsecurity.d/owasp-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "98"] [id "980170"] [msg "Anomaly Scores: (Inbound Scores: blocking=5, detection=5, per_pl=5-0-0-0, threshold=10) - (Outbound Scores: blocking=0, detection=0, per_pl=0-0-0-0, threshold=5) - (SQLI=0, XSS=0, RFI=0, LFI=5, RCE=0, PHPI=0, HTTP=0, SESS=0, COMBINED_SCORE=5)"] [ver "OWASP_CRS/4.17.1"] [tag "modsecurity"] [tag "reporting"] [tag "OWASP_CRS"] [hostname "<MY DOMAIN>"] [uri "/crm/.env"] [unique_id "aKdVZHuc_yFnSXpLdvmNFQAAAJg"]
  481. [Thu Aug 21 17:20:36.448782 2025] [security2:error] [pid 528:tid 633] [client 185.177.72.210:0] ModSecurity: Warning. Matched phrase "phpinfo.php" at REQUEST_FILENAME. [file "/etc/modsecurity.d/owasp-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "145"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: phpinfo.php found within REQUEST_FILENAME: /File/PHP/phpinfo.php"] [severity "CRITICAL"] [ver "OWASP_CRS/4.17.1"] [tag "modsecurity"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "OWASP_CRS/ATTACK-LFI"] [tag "capec/1000/255/153/126"] [hostname "<MY DOMAIN>"] [uri "/File/PHP/phpinfo.php"] [unique_id "aKdVZHuc_yFnSXpLdvmNFgAAAJY"]
  482. [Thu Aug 21 17:20:36.450564 2025] [security2:error] [pid 528:tid 633] [client 185.177.72.210:0] ModSecurity: Warning. Matched phrase "phpinfo" at REQUEST_FILENAME. [file "/etc/modsecurity.d/owasp-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "339"] [id "933150"] [msg "PHP Injection Attack: High-Risk PHP Function Name Found"] [data "Matched Data: phpinfo found within REQUEST_FILENAME: /File/PHP/phpinfo.php"] [severity "CRITICAL"] [ver "OWASP_CRS/4.17.1"] [tag "modsecurity"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "OWASP_CRS/ATTACK-PHP"] [tag "capec/1000/152/242"] [hostname "<MY DOMAIN>"] [uri "/File/PHP/phpinfo.php"] [unique_id "aKdVZHuc_yFnSXpLdvmNFgAAAJY"]
  483. [Thu Aug 21 17:20:36.451430 2025] [security2:error] [pid 528:tid 633] [client 185.177.72.210:0] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 10 at TX:blocking_inbound_anomaly_score. [file "/etc/modsecurity.d/owasp-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "233"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [ver "OWASP_CRS/4.17.1"] [tag "modsecurity"] [tag "anomaly-evaluation"] [tag "OWASP_CRS"] [hostname "<MY DOMAIN>"] [uri "/File/PHP/phpinfo.php"] [unique_id "aKdVZHuc_yFnSXpLdvmNFgAAAJY"]
  484. [Thu Aug 21 17:20:36.451898 2025] [security2:error] [pid 528:tid 633] [client 185.177.72.210:0] ModSecurity: Warning. Unconditional match in SecAction. [file "/etc/modsecurity.d/owasp-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "98"] [id "980170"] [msg "Anomaly Scores: (Inbound Scores: blocking=10, detection=10, per_pl=10-0-0-0, threshold=10) - (Outbound Scores: blocking=0, detection=0, per_pl=0-0-0-0, threshold=5) - (SQLI=0, XSS=0, RFI=0, LFI=5, RCE=0, PHPI=5, HTTP=0, SESS=0, COMBINED_SCORE=10)"] [ver "OWASP_CRS/4.17.1"] [tag "modsecurity"] [tag "reporting"] [tag "OWASP_CRS"] [hostname "<MY DOMAIN>"] [uri "/File/PHP/phpinfo.php"] [unique_id "aKdVZHuc_yFnSXpLdvmNFgAAAJY"]
  485. [Thu Aug 21 17:20:36.467041 2025] [security2:error] [pid 528:tid 611] [client 185.177.72.210:0] ModSecurity: Warning. Matched phrase "secrets.json" at REQUEST_FILENAME. [file "/etc/modsecurity.d/owasp-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "145"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: secrets.json found within REQUEST_FILENAME: /secrets.json"] [severity "CRITICAL"] [ver "OWASP_CRS/4.17.1"] [tag "modsecurity"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "OWASP_CRS/ATTACK-LFI"] [tag "capec/1000/255/153/126"] [hostname "<MY DOMAIN>"] [uri "/secrets.json"] [unique_id "aKdVZHuc_yFnSXpLdvmNFwAAAIA"]
  486. [Thu Aug 21 17:20:36.473951 2025] [security2:error] [pid 528:tid 611] [client 185.177.72.210:0] ModSecurity: Warning. Unconditional match in SecAction. [file "/etc/modsecurity.d/owasp-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "98"] [id "980170"] [msg "Anomaly Scores: (Inbound Scores: blocking=5, detection=5, per_pl=5-0-0-0, threshold=10) - (Outbound Scores: blocking=0, detection=0, per_pl=0-0-0-0, threshold=5) - (SQLI=0, XSS=0, RFI=0, LFI=5, RCE=0, PHPI=0, HTTP=0, SESS=0, COMBINED_SCORE=5)"] [ver "OWASP_CRS/4.17.1"] [tag "modsecurity"] [tag "reporting"] [tag "OWASP_CRS"] [hostname "<MY DOMAIN>"] [uri "/secrets.json"] [unique_id "aKdVZHuc_yFnSXpLdvmNFwAAAIA"]
  487. [Thu Aug 21 17:20:36.517066 2025] [security2:error] [pid 528:tid 615] [client 185.177.72.210:0] ModSecurity: Warning. Matched phrase "phpinfo" at REQUEST_FILENAME. [file "/etc/modsecurity.d/owasp-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "339"] [id "933150"] [msg "PHP Injection Attack: High-Risk PHP Function Name Found"] [data "Matched Data: phpinfo found within REQUEST_FILENAME: /_profiler/phpinfo"] [severity "CRITICAL"] [ver "OWASP_CRS/4.17.1"] [tag "modsecurity"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "OWASP_CRS/ATTACK-PHP"] [tag "capec/1000/152/242"] [hostname "<MY DOMAIN>"] [uri "/_profiler/phpinfo"] [unique_id "aKdVZHuc_yFnSXpLdvmNGQAAAIQ"]
  488. [Thu Aug 21 17:20:36.524288 2025] [security2:error] [pid 528:tid 615] [client 185.177.72.210:0] ModSecurity: Warning. Unconditional match in SecAction. [file "/etc/modsecurity.d/owasp-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "98"] [id "980170"] [msg "Anomaly Scores: (Inbound Scores: blocking=5, detection=5, per_pl=5-0-0-0, threshold=10) - (Outbound Scores: blocking=0, detection=0, per_pl=0-0-0-0, threshold=5) - (SQLI=0, XSS=0, RFI=0, LFI=0, RCE=0, PHPI=5, HTTP=0, SESS=0, COMBINED_SCORE=5)"] [ver "OWASP_CRS/4.17.1"] [tag "modsecurity"] [tag "reporting"] [tag "OWASP_CRS"] [hostname "<MY DOMAIN>"] [uri "/_profiler/phpinfo"] [unique_id "aKdVZHuc_yFnSXpLdvmNGQAAAIQ"]
  489. [Thu Aug 21 17:20:36.539565 2025] [security2:error] [pid 528:tid 634] [client 185.177.72.210:0] ModSecurity: Warning. Matched phrase ".env" at REQUEST_FILENAME. [file "/etc/modsecurity.d/owasp-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "145"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .env found within REQUEST_FILENAME: /www-data/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/4.17.1"] [tag "modsecurity"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "OWASP_CRS/ATTACK-LFI"] [tag "capec/1000/255/153/126"] [hostname "<MY DOMAIN>"] [uri "/www-data/.env"] [unique_id "aKdVZHuc_yFnSXpLdvmNGgAAAJc"]
  490. [Thu Aug 21 17:20:36.545509 2025] [security2:error] [pid 528:tid 634] [client 185.177.72.210:0] ModSecurity: Warning. Unconditional match in SecAction. [file "/etc/modsecurity.d/owasp-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "98"] [id "980170"] [msg "Anomaly Scores: (Inbound Scores: blocking=5, detection=5, per_pl=5-0-0-0, threshold=10) - (Outbound Scores: blocking=0, detection=0, per_pl=0-0-0-0, threshold=5) - (SQLI=0, XSS=0, RFI=0, LFI=5, RCE=0, PHPI=0, HTTP=0, SESS=0, COMBINED_SCORE=5)"] [ver "OWASP_CRS/4.17.1"] [tag "modsecurity"] [tag "reporting"] [tag "OWASP_CRS"] [hostname "<MY DOMAIN>"] [uri "/www-data/.env"] [unique_id "aKdVZHuc_yFnSXpLdvmNGgAAAJc"]
  491. [Thu Aug 21 17:20:36.561999 2025] [security2:error] [pid 528:tid 612] [client 185.177.72.210:0] ModSecurity: Warning. Matched phrase "phpinfo.php" at REQUEST_FILENAME. [file "/etc/modsecurity.d/owasp-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "145"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: phpinfo.php found within REQUEST_FILENAME: /phpinfo.php3"] [severity "CRITICAL"] [ver "OWASP_CRS/4.17.1"] [tag "modsecurity"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "OWASP_CRS/ATTACK-LFI"] [tag "capec/1000/255/153/126"] [hostname "<MY DOMAIN>"] [uri "/phpinfo.php3"] [unique_id "aKdVZHuc_yFnSXpLdvmNGwAAAIE"]
  492. [Thu Aug 21 17:20:36.563873 2025] [security2:error] [pid 528:tid 612] [client 185.177.72.210:0] ModSecurity: Warning. Matched phrase "phpinfo" at REQUEST_FILENAME. [file "/etc/modsecurity.d/owasp-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "339"] [id "933150"] [msg "PHP Injection Attack: High-Risk PHP Function Name Found"] [data "Matched Data: phpinfo found within REQUEST_FILENAME: /phpinfo.php3"] [severity "CRITICAL"] [ver "OWASP_CRS/4.17.1"] [tag "modsecurity"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "OWASP_CRS/ATTACK-PHP"] [tag "capec/1000/152/242"] [hostname "<MY DOMAIN>"] [uri "/phpinfo.php3"] [unique_id "aKdVZHuc_yFnSXpLdvmNGwAAAIE"]
  493. [Thu Aug 21 17:20:36.564867 2025] [security2:error] [pid 528:tid 612] [client 185.177.72.210:0] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 10 at TX:blocking_inbound_anomaly_score. [file "/etc/modsecurity.d/owasp-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "233"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [ver "OWASP_CRS/4.17.1"] [tag "modsecurity"] [tag "anomaly-evaluation"] [tag "OWASP_CRS"] [hostname "<MY DOMAIN>"] [uri "/phpinfo.php3"] [unique_id "aKdVZHuc_yFnSXpLdvmNGwAAAIE"]
  494. [Thu Aug 21 17:20:36.565286 2025] [security2:error] [pid 528:tid 612] [client 185.177.72.210:0] ModSecurity: Warning. Unconditional match in SecAction. [file "/etc/modsecurity.d/owasp-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "98"] [id "980170"] [msg "Anomaly Scores: (Inbound Scores: blocking=10, detection=10, per_pl=10-0-0-0, threshold=10) - (Outbound Scores: blocking=0, detection=0, per_pl=0-0-0-0, threshold=5) - (SQLI=0, XSS=0, RFI=0, LFI=5, RCE=0, PHPI=5, HTTP=0, SESS=0, COMBINED_SCORE=10)"] [ver "OWASP_CRS/4.17.1"] [tag "modsecurity"] [tag "reporting"] [tag "OWASP_CRS"] [hostname "<MY DOMAIN>"] [uri "/phpinfo.php3"] [unique_id "aKdVZHuc_yFnSXpLdvmNGwAAAIE"]
  495. [Thu Aug 21 17:20:36.583016 2025] [security2:error] [pid 528:tid 614] [client 185.177.72.210:0] ModSecurity: Warning. Matched phrase ".env" at REQUEST_FILENAME. [file "/etc/modsecurity.d/owasp-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "145"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .env found within REQUEST_FILENAME: /cms/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/4.17.1"] [tag "modsecurity"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "OWASP_CRS/ATTACK-LFI"] [tag "capec/1000/255/153/126"] [hostname "<MY DOMAIN>"] [uri "/cms/.env"] [unique_id "aKdVZHuc_yFnSXpLdvmNHAAAAIM"]
  496. [Thu Aug 21 17:20:36.590450 2025] [security2:error] [pid 528:tid 614] [client 185.177.72.210:0] ModSecurity: Warning. Unconditional match in SecAction. [file "/etc/modsecurity.d/owasp-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "98"] [id "980170"] [msg "Anomaly Scores: (Inbound Scores: blocking=5, detection=5, per_pl=5-0-0-0, threshold=10) - (Outbound Scores: blocking=0, detection=0, per_pl=0-0-0-0, threshold=5) - (SQLI=0, XSS=0, RFI=0, LFI=5, RCE=0, PHPI=0, HTTP=0, SESS=0, COMBINED_SCORE=5)"] [ver "OWASP_CRS/4.17.1"] [tag "modsecurity"] [tag "reporting"] [tag "OWASP_CRS"] [hostname "<MY DOMAIN>"] [uri "/cms/.env"] [unique_id "aKdVZHuc_yFnSXpLdvmNHAAAAIM"]
  497. [Thu Aug 21 17:20:36.606097 2025] [security2:error] [pid 528:tid 616] [client 185.177.72.210:0] ModSecurity: Warning. Matched phrase "phpinfo.php" at REQUEST_FILENAME. [file "/etc/modsecurity.d/owasp-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "145"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: phpinfo.php found within REQUEST_FILENAME: /current/phpinfo.php"] [severity "CRITICAL"] [ver "OWASP_CRS/4.17.1"] [tag "modsecurity"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "OWASP_CRS/ATTACK-LFI"] [tag "capec/1000/255/153/126"] [hostname "<MY DOMAIN>"] [uri "/current/phpinfo.php"] [unique_id "aKdVZHuc_yFnSXpLdvmNHQAAAIU"]
  498. [Thu Aug 21 17:20:36.607075 2025] [security2:error] [pid 528:tid 616] [client 185.177.72.210:0] ModSecurity: Warning. Matched phrase "phpinfo" at REQUEST_FILENAME. [file "/etc/modsecurity.d/owasp-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "339"] [id "933150"] [msg "PHP Injection Attack: High-Risk PHP Function Name Found"] [data "Matched Data: phpinfo found within REQUEST_FILENAME: /current/phpinfo.php"] [severity "CRITICAL"] [ver "OWASP_CRS/4.17.1"] [tag "modsecurity"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "OWASP_CRS/ATTACK-PHP"] [tag "capec/1000/152/242"] [hostname "<MY DOMAIN>"] [uri "/current/phpinfo.php"] [unique_id "aKdVZHuc_yFnSXpLdvmNHQAAAIU"]
  499. [Thu Aug 21 17:20:36.607962 2025] [security2:error] [pid 528:tid 616] [client 185.177.72.210:0] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 10 at TX:blocking_inbound_anomaly_score. [file "/etc/modsecurity.d/owasp-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "233"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [ver "OWASP_CRS/4.17.1"] [tag "modsecurity"] [tag "anomaly-evaluation"] [tag "OWASP_CRS"] [hostname "<MY DOMAIN>"] [uri "/current/phpinfo.php"] [unique_id "aKdVZHuc_yFnSXpLdvmNHQAAAIU"]
  500. [Thu Aug 21 17:20:36.608750 2025] [security2:error] [pid 528:tid 616] [client 185.177.72.210:0] ModSecurity: Warning. Unconditional match in SecAction. [file "/etc/modsecurity.d/owasp-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "98"] [id "980170"] [msg "Anomaly Scores: (Inbound Scores: blocking=10, detection=10, per_pl=10-0-0-0, threshold=10) - (Outbound Scores: blocking=0, detection=0, per_pl=0-0-0-0, threshold=5) - (SQLI=0, XSS=0, RFI=0, LFI=5, RCE=0, PHPI=5, HTTP=0, SESS=0, COMBINED_SCORE=10)"] [ver "OWASP_CRS/4.17.1"] [tag "modsecurity"] [tag "reporting"] [tag "OWASP_CRS"] [hostname "<MY DOMAIN>"] [uri "/current/phpinfo.php"] [unique_id "aKdVZHuc_yFnSXpLdvmNHQAAAIU"]
  501. [Thu Aug 21 17:20:36.630325 2025] [security2:error] [pid 528:tid 617] [client 185.177.72.210:0] ModSecurity: Warning. Matched phrase ".env" at REQUEST_FILENAME. [file "/etc/modsecurity.d/owasp-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "145"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .env found within REQUEST_FILENAME: /roundcubemail/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/4.17.1"] [tag "modsecurity"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "OWASP_CRS/ATTACK-LFI"] [tag "capec/1000/255/153/126"] [hostname "<MY DOMAIN>"] [uri "/roundcubemail/.env"] [unique_id "aKdVZHuc_yFnSXpLdvmNHgAAAIY"]
  502. [Thu Aug 21 17:20:36.639890 2025] [security2:error] [pid 528:tid 617] [client 185.177.72.210:0] ModSecurity: Warning. Unconditional match in SecAction. [file "/etc/modsecurity.d/owasp-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "98"] [id "980170"] [msg "Anomaly Scores: (Inbound Scores: blocking=5, detection=5, per_pl=5-0-0-0, threshold=10) - (Outbound Scores: blocking=0, detection=0, per_pl=0-0-0-0, threshold=5) - (SQLI=0, XSS=0, RFI=0, LFI=5, RCE=0, PHPI=0, HTTP=0, SESS=0, COMBINED_SCORE=5)"] [ver "OWASP_CRS/4.17.1"] [tag "modsecurity"] [tag "reporting"] [tag "OWASP_CRS"] [hostname "<MY DOMAIN>"] [uri "/roundcubemail/.env"] [unique_id "aKdVZHuc_yFnSXpLdvmNHgAAAIY"]
  503. [Thu Aug 21 17:20:48.385082 2025] [security2:error] [pid 691:tid 719] [client 185.177.72.210:0] ModSecurity: Warning. Matched phrase ".env" at REQUEST_FILENAME. [file "/etc/modsecurity.d/owasp-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "145"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .env found within REQUEST_FILENAME: /frontend/vue/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/4.17.1"] [tag "modsecurity"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "OWASP_CRS/ATTACK-LFI"] [tag "capec/1000/255/153/126"] [hostname "<MY DOMAIN>"] [uri "/frontend/vue/.env"] [unique_id "aKdVcOzKPQteB9ge1xjOPgAAAME"]
  504. [Thu Aug 21 17:20:48.393032 2025] [security2:error] [pid 691:tid 719] [client 185.177.72.210:0] ModSecurity: Warning. Unconditional match in SecAction. [file "/etc/modsecurity.d/owasp-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "98"] [id "980170"] [msg "Anomaly Scores: (Inbound Scores: blocking=5, detection=5, per_pl=5-0-0-0, threshold=10) - (Outbound Scores: blocking=0, detection=0, per_pl=0-0-0-0, threshold=5) - (SQLI=0, XSS=0, RFI=0, LFI=5, RCE=0, PHPI=0, HTTP=0, SESS=0, COMBINED_SCORE=5)"] [ver "OWASP_CRS/4.17.1"] [tag "modsecurity"] [tag "reporting"] [tag "OWASP_CRS"] [hostname "<MY DOMAIN>"] [uri "/frontend/vue/.env"] [unique_id "aKdVcOzKPQteB9ge1xjOPgAAAME"]
  505. [Thu Aug 21 17:20:48.410044 2025] [security2:error] [pid 691:tid 721] [client 185.177.72.210:0] ModSecurity: Warning. Matched phrase ".env" at REQUEST_FILENAME. [file "/etc/modsecurity.d/owasp-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "145"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .env found within REQUEST_FILENAME: /apps/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/4.17.1"] [tag "modsecurity"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "OWASP_CRS/ATTACK-LFI"] [tag "capec/1000/255/153/126"] [hostname "<MY DOMAIN>"] [uri "/apps/.env"] [unique_id "aKdVcOzKPQteB9ge1xjOPwAAAMM"]
  506. [Thu Aug 21 17:20:48.417483 2025] [security2:error] [pid 691:tid 721] [client 185.177.72.210:0] ModSecurity: Warning. Unconditional match in SecAction. [file "/etc/modsecurity.d/owasp-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "98"] [id "980170"] [msg "Anomaly Scores: (Inbound Scores: blocking=5, detection=5, per_pl=5-0-0-0, threshold=10) - (Outbound Scores: blocking=0, detection=0, per_pl=0-0-0-0, threshold=5) - (SQLI=0, XSS=0, RFI=0, LFI=5, RCE=0, PHPI=0, HTTP=0, SESS=0, COMBINED_SCORE=5)"] [ver "OWASP_CRS/4.17.1"] [tag "modsecurity"] [tag "reporting"] [tag "OWASP_CRS"] [hostname "<MY DOMAIN>"] [uri "/apps/.env"] [unique_id "aKdVcOzKPQteB9ge1xjOPwAAAMM"]
  507. [Thu Aug 21 17:20:48.434759 2025] [security2:error] [pid 691:tid 722] [client 185.177.72.210:0] ModSecurity: Warning. Matched phrase "config.json" at REQUEST_FILENAME. [file "/etc/modsecurity.d/owasp-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "145"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: config.json found within REQUEST_FILENAME: /config/config.json"] [severity "CRITICAL"] [ver "OWASP_CRS/4.17.1"] [tag "modsecurity"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "OWASP_CRS/ATTACK-LFI"] [tag "capec/1000/255/153/126"] [hostname "<MY DOMAIN>"] [uri "/config/config.json"] [unique_id "aKdVcOzKPQteB9ge1xjOQAAAAMQ"]
  508. [Thu Aug 21 17:20:48.445240 2025] [security2:error] [pid 691:tid 722] [client 185.177.72.210:0] ModSecurity: Warning. Unconditional match in SecAction. [file "/etc/modsecurity.d/owasp-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "98"] [id "980170"] [msg "Anomaly Scores: (Inbound Scores: blocking=5, detection=5, per_pl=5-0-0-0, threshold=10) - (Outbound Scores: blocking=0, detection=0, per_pl=0-0-0-0, threshold=5) - (SQLI=0, XSS=0, RFI=0, LFI=5, RCE=0, PHPI=0, HTTP=0, SESS=0, COMBINED_SCORE=5)"] [ver "OWASP_CRS/4.17.1"] [tag "modsecurity"] [tag "reporting"] [tag "OWASP_CRS"] [hostname "<MY DOMAIN>"] [uri "/config/config.json"] [unique_id "aKdVcOzKPQteB9ge1xjOQAAAAMQ"]
  509. [Thu Aug 21 17:20:48.490646 2025] [security2:error] [pid 691:tid 727] [client 185.177.72.210:0] ModSecurity: Warning. Matched phrase "config.php" at REQUEST_FILENAME. [file "/etc/modsecurity.d/owasp-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "145"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: config.php found within REQUEST_FILENAME: /config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/4.17.1"] [tag "modsecurity"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "OWASP_CRS/ATTACK-LFI"] [tag "capec/1000/255/153/126"] [hostname "<MY DOMAIN>"] [uri "/config.php"] [unique_id "aKdVcOzKPQteB9ge1xjOQgAAAMk"]
  510. [Thu Aug 21 17:20:48.500654 2025] [security2:error] [pid 691:tid 727] [client 185.177.72.210:0] ModSecurity: Warning. Unconditional match in SecAction. [file "/etc/modsecurity.d/owasp-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "98"] [id "980170"] [msg "Anomaly Scores: (Inbound Scores: blocking=5, detection=5, per_pl=5-0-0-0, threshold=10) - (Outbound Scores: blocking=0, detection=0, per_pl=0-0-0-0, threshold=5) - (SQLI=0, XSS=0, RFI=0, LFI=5, RCE=0, PHPI=0, HTTP=0, SESS=0, COMBINED_SCORE=5)"] [ver "OWASP_CRS/4.17.1"] [tag "modsecurity"] [tag "reporting"] [tag "OWASP_CRS"] [hostname "<MY DOMAIN>"] [uri "/config.php"] [unique_id "aKdVcOzKPQteB9ge1xjOQgAAAMk"]
  511. [Thu Aug 21 17:20:48.518864 2025] [security2:error] [pid 691:tid 726] [client 185.177.72.210:0] ModSecurity: Warning. Matched phrase "phpversion" at REQUEST_FILENAME. [file "/etc/modsecurity.d/owasp-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "339"] [id "933150"] [msg "PHP Injection Attack: High-Risk PHP Function Name Found"] [data "Matched Data: phpversion found within REQUEST_FILENAME: /phpversion.php"] [severity "CRITICAL"] [ver "OWASP_CRS/4.17.1"] [tag "modsecurity"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "OWASP_CRS/ATTACK-PHP"] [tag "capec/1000/152/242"] [hostname "<MY DOMAIN>"] [uri "/phpversion.php"] [unique_id "aKdVcOzKPQteB9ge1xjOQwAAAMg"]
  512. [Thu Aug 21 17:20:48.524960 2025] [security2:error] [pid 691:tid 726] [client 185.177.72.210:0] ModSecurity: Warning. Unconditional match in SecAction. [file "/etc/modsecurity.d/owasp-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "98"] [id "980170"] [msg "Anomaly Scores: (Inbound Scores: blocking=5, detection=5, per_pl=5-0-0-0, threshold=10) - (Outbound Scores: blocking=0, detection=0, per_pl=0-0-0-0, threshold=5) - (SQLI=0, XSS=0, RFI=0, LFI=0, RCE=0, PHPI=5, HTTP=0, SESS=0, COMBINED_SCORE=5)"] [ver "OWASP_CRS/4.17.1"] [tag "modsecurity"] [tag "reporting"] [tag "OWASP_CRS"] [hostname "<MY DOMAIN>"] [uri "/phpversion.php"] [unique_id "aKdVcOzKPQteB9ge1xjOQwAAAMg"]
  513. [Thu Aug 21 17:20:48.541507 2025] [security2:error] [pid 691:tid 724] [client 185.177.72.210:0] ModSecurity: Warning. String match within ".ani/ .asa/ .asax/ .ascx/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .compositefont/ .config/ .conf/ .crt/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dist/ .dll/ .dos/ .dpkg-dist/ .drv/ .gadget/ .hta/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .inf/ .ini/ .jse/ .key/ .licx/ .lnk/ .log/ .mdb/ .msc/ .ocx/ .old/ .pass/ .pdb/ .pfx/ .pif/ .pem/ .pol/ .prf/ .printer/ .pwd/ .rdb/ .rdp/ .reg/ .resources/ .resx/ .scr/ .sct/ .shs/ .sql/ .swp/ .sys/ .tlb/ .tmp/ .url/ .vb/ .vbe/ .vbs/ .vbproj/ .vsdisco/ .vxd/ .webinfo/ .ws/ .wsc/ .wsf/ .wsh/ .xsd/ .xsx/" at TX:extension. [file "/etc/modsecurity.d/owasp-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1057"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/4.17.1"] [tag "modsecurity"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL-ENFORCEMENT"] [tag "capec [hostname "<MY DOMAIN>"] [uri "/wp-config.php.bak"] [unique_id "aKdVcOzKPQteB9ge1xjORAAAAMY"]
  514. [Thu Aug 21 17:20:48.542429 2025] [security2:error] [pid 691:tid 724] [client 185.177.72.210:0] ModSecurity: Warning. Matched phrase "wp-config." at REQUEST_FILENAME. [file "/etc/modsecurity.d/owasp-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "145"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config. found within REQUEST_FILENAME: /wp-config.php.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/4.17.1"] [tag "modsecurity"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "OWASP_CRS/ATTACK-LFI"] [tag "capec/1000/255/153/126"] [hostname "<MY DOMAIN>"] [uri "/wp-config.php.bak"] [unique_id "aKdVcOzKPQteB9ge1xjORAAAAMY"]
  515. [Thu Aug 21 17:20:48.545617 2025] [security2:error] [pid 691:tid 724] [client 185.177.72.210:0] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 10 at TX:blocking_inbound_anomaly_score. [file "/etc/modsecurity.d/owasp-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "233"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [ver "OWASP_CRS/4.17.1"] [tag "modsecurity"] [tag "anomaly-evaluation"] [tag "OWASP_CRS"] [hostname "<MY DOMAIN>"] [uri "/wp-config.php.bak"] [unique_id "aKdVcOzKPQteB9ge1xjORAAAAMY"]
  516. [Thu Aug 21 17:20:48.546528 2025] [security2:error] [pid 691:tid 724] [client 185.177.72.210:0] ModSecurity: Warning. Unconditional match in SecAction. [file "/etc/modsecurity.d/owasp-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "98"] [id "980170"] [msg "Anomaly Scores: (Inbound Scores: blocking=10, detection=10, per_pl=10-0-0-0, threshold=10) - (Outbound Scores: blocking=0, detection=0, per_pl=0-0-0-0, threshold=5) - (SQLI=0, XSS=0, RFI=0, LFI=5, RCE=0, PHPI=0, HTTP=0, SESS=0, COMBINED_SCORE=10)"] [ver "OWASP_CRS/4.17.1"] [tag "modsecurity"] [tag "reporting"] [tag "OWASP_CRS"] [hostname "<MY DOMAIN>"] [uri "/wp-config.php.bak"] [unique_id "aKdVcOzKPQteB9ge1xjORAAAAMY"]
  517. [Thu Aug 21 17:20:48.563295 2025] [security2:error] [pid 691:tid 723] [client 185.177.72.210:0] ModSecurity: Warning. Matched phrase "phpinfo.php" at REQUEST_FILENAME. [file "/etc/modsecurity.d/owasp-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "145"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: phpinfo.php found within REQUEST_FILENAME: /tmp/phpinfo.php"] [severity "CRITICAL"] [ver "OWASP_CRS/4.17.1"] [tag "modsecurity"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "OWASP_CRS/ATTACK-LFI"] [tag "capec/1000/255/153/126"] [hostname "<MY DOMAIN>"] [uri "/tmp/phpinfo.php"] [unique_id "aKdVcOzKPQteB9ge1xjORQAAAMU"]
  518. [Thu Aug 21 17:20:48.564911 2025] [security2:error] [pid 691:tid 723] [client 185.177.72.210:0] ModSecurity: Warning. Matched phrase "phpinfo" at REQUEST_FILENAME. [file "/etc/modsecurity.d/owasp-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "339"] [id "933150"] [msg "PHP Injection Attack: High-Risk PHP Function Name Found"] [data "Matched Data: phpinfo found within REQUEST_FILENAME: /tmp/phpinfo.php"] [severity "CRITICAL"] [ver "OWASP_CRS/4.17.1"] [tag "modsecurity"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "OWASP_CRS/ATTACK-PHP"] [tag "capec/1000/152/242"] [hostname "<MY DOMAIN>"] [uri "/tmp/phpinfo.php"] [unique_id "aKdVcOzKPQteB9ge1xjORQAAAMU"]
  519. [Thu Aug 21 17:20:48.566644 2025] [security2:error] [pid 691:tid 723] [client 185.177.72.210:0] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 10 at TX:blocking_inbound_anomaly_score. [file "/etc/modsecurity.d/owasp-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "233"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [ver "OWASP_CRS/4.17.1"] [tag "modsecurity"] [tag "anomaly-evaluation"] [tag "OWASP_CRS"] [hostname "<MY DOMAIN>"] [uri "/tmp/phpinfo.php"] [unique_id "aKdVcOzKPQteB9ge1xjORQAAAMU"]
  520. [Thu Aug 21 17:20:48.567543 2025] [security2:error] [pid 691:tid 723] [client 185.177.72.210:0] ModSecurity: Warning. Unconditional match in SecAction. [file "/etc/modsecurity.d/owasp-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "98"] [id "980170"] [msg "Anomaly Scores: (Inbound Scores: blocking=10, detection=10, per_pl=10-0-0-0, threshold=10) - (Outbound Scores: blocking=0, detection=0, per_pl=0-0-0-0, threshold=5) - (SQLI=0, XSS=0, RFI=0, LFI=5, RCE=0, PHPI=5, HTTP=0, SESS=0, COMBINED_SCORE=10)"] [ver "OWASP_CRS/4.17.1"] [tag "modsecurity"] [tag "reporting"] [tag "OWASP_CRS"] [hostname "<MY DOMAIN>"] [uri "/tmp/phpinfo.php"] [unique_id "aKdVcOzKPQteB9ge1xjORQAAAMU"]
  521. [Thu Aug 21 17:20:48.642081 2025] [security2:error] [pid 691:tid 729] [client 185.177.72.210:0] ModSecurity: Warning. Matched phrase ".env" at REQUEST_FILENAME. [file "/etc/modsecurity.d/owasp-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "145"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .env found within REQUEST_FILENAME: /.env.stage"] [severity "CRITICAL"] [ver "OWASP_CRS/4.17.1"] [tag "modsecurity"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "OWASP_CRS/ATTACK-LFI"] [tag "capec/1000/255/153/126"] [hostname "<MY DOMAIN>"] [uri "/.env.stage"] [unique_id "aKdVcOzKPQteB9ge1xjOSAAAAMs"]
  522. [Thu Aug 21 17:20:48.650086 2025] [security2:error] [pid 691:tid 729] [client 185.177.72.210:0] ModSecurity: Warning. Unconditional match in SecAction. [file "/etc/modsecurity.d/owasp-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "98"] [id "980170"] [msg "Anomaly Scores: (Inbound Scores: blocking=5, detection=5, per_pl=5-0-0-0, threshold=10) - (Outbound Scores: blocking=0, detection=0, per_pl=0-0-0-0, threshold=5) - (SQLI=0, XSS=0, RFI=0, LFI=5, RCE=0, PHPI=0, HTTP=0, SESS=0, COMBINED_SCORE=5)"] [ver "OWASP_CRS/4.17.1"] [tag "modsecurity"] [tag "reporting"] [tag "OWASP_CRS"] [hostname "<MY DOMAIN>"] [uri "/.env.stage"] [unique_id "aKdVcOzKPQteB9ge1xjOSAAAAMs"]
  523. [Thu Aug 21 17:20:48.667600 2025] [security2:error] [pid 691:tid 731] [client 185.177.72.210:0] ModSecurity: Warning. Matched phrase "wp-config." at REQUEST_FILENAME. [file "/etc/modsecurity.d/owasp-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "145"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config. found within REQUEST_FILENAME: /wp-config.php_new"] [severity "CRITICAL"] [ver "OWASP_CRS/4.17.1"] [tag "modsecurity"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "OWASP_CRS/ATTACK-LFI"] [tag "capec/1000/255/153/126"] [hostname "<MY DOMAIN>"] [uri "/wp-config.php_new"] [unique_id "aKdVcOzKPQteB9ge1xjOSQAAAM0"]
  524. [Thu Aug 21 17:20:48.675561 2025] [security2:error] [pid 691:tid 731] [client 185.177.72.210:0] ModSecurity: Warning. Unconditional match in SecAction. [file "/etc/modsecurity.d/owasp-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "98"] [id "980170"] [msg "Anomaly Scores: (Inbound Scores: blocking=5, detection=5, per_pl=5-0-0-0, threshold=10) - (Outbound Scores: blocking=0, detection=0, per_pl=0-0-0-0, threshold=5) - (SQLI=0, XSS=0, RFI=0, LFI=5, RCE=0, PHPI=0, HTTP=0, SESS=0, COMBINED_SCORE=5)"] [ver "OWASP_CRS/4.17.1"] [tag "modsecurity"] [tag "reporting"] [tag "OWASP_CRS"] [hostname "<MY DOMAIN>"] [uri "/wp-config.php_new"] [unique_id "aKdVcOzKPQteB9ge1xjOSQAAAM0"]
  525. [Thu Aug 21 17:20:48.696061 2025] [security2:error] [pid 691:tid 734] [client 185.177.72.210:0] ModSecurity: Warning. Matched phrase ".env" at REQUEST_FILENAME. [file "/etc/modsecurity.d/owasp-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "145"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .env found within REQUEST_FILENAME: /beta/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/4.17.1"] [tag "modsecurity"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "OWASP_CRS/ATTACK-LFI"] [tag "capec/1000/255/153/126"] [hostname "<MY DOMAIN>"] [uri "/beta/.env"] [unique_id "aKdVcOzKPQteB9ge1xjOSgAAANA"]
  526.  
Advertisement
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!