Main IP doing attacks on websites

mili

• July 04, 2015 15:47

Hi, The mod-sec is detecting attacks on the websites from the main ip of the server and : SecRule TX:OUTBOUND_ANOMALY_SCORE "@ge %{tx.outbound_anomaly_score_threshold}" "phase:logging, id:'981205', t:none, log,noauditlog, pass, tag:'event-correlation', msg:'Outbound Anomaly Score Exceeded (score %{TX.OUTBOUND_ANOMALY_SCORE}): %{tx.msg}'" Help is appreciated

• 

  quizknows

  • July 06, 2015 19:00

  You may want to check the modsec audit log, (/usr/local/apache/logs/modsec_audit.log) as this may be a false positive. Anomaly based rules can be tricky.

  0
• 

  cPanelMichael

  • July 15, 2015 15:06

  The mod-sec is detecting attacks on the websites from the main ip of the server

  
  Hello :) Were you able to review the /usr/local/apache/logs/modsec_audit.log file for additional information? Thank you.

  0

Please sign in to leave a comment.