New to mod_security, starter Qs
Hello! I just enabled mod_security and deployed the default config. And now I'm... :confused:
I have a few questions that I couldn't find the answers too. Not sure if this is asking too much, but can't hurt to ask :)
Does mod security display all blocks/access denied/not acceptable actions in the logs? Or do some actions such as 'Not acceptable' occur without your knowledge or making a record?
Also how do I block certain strings in a URL. For example I would like to block INSERTIMPMACROHERE - something automatically adds this to the end of URLs, how would I block all request with this in the URL?
In my htaccess to block a get attack I have the rule below, but it doesn't work globally because I have many htaccess files. So I'd like to add it to mod_security.
RewriteCond %{THE_REQUEST} \?13(\d+){11}\ [NC]
RewriteRule .* - [F]
How would I add that?
Lastly, how do I block all refers from a certain URL? So if someone/bot comes from baddomain.com, I can stop whatever they want to do/
That does sound like a lot to ask! So if anyone can just point me in the right direction maybe that would be a great help too!
Thanks!
-
Hello, cPanel/WHM can only support ModSecurity as far as installation is concerned. Since ModSecurity relies on various rules, and their options, we can not support the rules themselves. However, I recommend that you install the following 3rd party add on called ModSecurity Control [url=http://configserver.com/cp/cmc.html]ConfigServer ModSecurity Control Also, I recommend the ModSec rules from Gotroot.com, and follow the instructions on cPanel installation for people not using ASL. 0 -
Start reading this first: [url=http://www.packtpub.com/article/blocking-common-attacks-using-modsecurity-2.5-part1?utm_source=js_modsecurity_abr4_1109&utm_medium=content&utm_campaign=janice]Blocking Common Attacks using ModSecurity 2.5: Part 1 | Packt Publishing Regards 0
Please sign in to leave a comment.
Comments
2 comments