headers
Danett song | 2 Nov 01:17
Picon
Favicon

Problem at BSN webcast and rule in ModSecurity2_Webcast_Jan2007.pdf.

Hi guys,

Today I accessed the BSN and was reading the
documentation called ModSecurity2_Webcast_Jan2007.pdf,
it's really nice. I tried one of the examples showed:

#
Other rules
#

#Blocking users by time
SecDataDir /var/tmp

SecAction initcol:ip=%{REMOTE_ADDR},nolog,pass
SecRule IP:BLOCKED "@gt 0"

SecRule REQUEST_URI "^(/news\.php)"
"chain,pass,log,setvar:ip.score=+15,id:1111,severity:4,msg:'Positive
Model - testing block.'"
SecRule ARGS_NAMES "!^(id)$"

SecRule IP:SCORE "@ge 30"
"setvar:ip.blocked=3600,deprecatevar:ip.blocked=1/1"

#
Other rules
#

However it doesn't work properly, it trigger this
errors in log in EVERY page that I access:
(Continue reading)

Permalink | Reply |
headers
Ryan Barnett | 2 Nov 13:22

Re: Problem at BSN webcast and rule inModSecurity2_Webcast_Jan2007.pdf.

Hey Danett.  I am glad that you found the webcast info useful :)  If you
are interested in using persistent collections, then you should take a
look at the Cool Rules webcast as it has some better examples.

Comments inline below.

-- 
Ryan C. Barnett
ModSecurity Community Manager
Breach Security: Director of Training
Web Application Security Consortium (WASC) Member
CIS Apache Benchmark Project Lead
SANS Instructor, GCIA, GCFA, GCIH, GSNA, GCUX, GSEC
Author: Preventing Web Attacks with Apache 

> -----Original Message-----
> From: mod-security-users-bounces <at> lists.sourceforge.net [mailto:mod-
> security-users-bounces <at> lists.sourceforge.net] On Behalf Of Danett song
> Sent: Thursday, November 01, 2007 8:18 PM
> To: mod-security-users <at> lists.sourceforge.net
> Subject: [mod-security-users] Problem at BSN webcast and rule
> inModSecurity2_Webcast_Jan2007.pdf.
> 
> Hi guys,
> 
> Today I accessed the BSN and was reading the
> documentation called ModSecurity2_Webcast_Jan2007.pdf,
> it's really nice. I tried one of the examples showed:
> 
> #
(Continue reading)

Permalink | Reply |

Gmane