Skip to main content

OWASP modsecurity: Activate DoS Rule

Comments

4 comments

  • cPanelMichael
    Hello :) 1. The OWASP individual rules are enabled or disabled through WHM. You can click on "Edit" next to the OWASP rules list in: "WHM Home " Security Center " ModSecurity" Vendors" You don't have to modify the configuration file from the command line. 2. You may want to utilize a third-party firewall management utility such as CSF if you want to implement these types of firewall rules. Thank you.
    0
  • prakashnplink
    You mean to say that I do not have to remove "#" tag from modsecurity_crs_10_setup.conf , right? But the OWASP rules didn't work at all to stop brute force attack. :confused:I already have csf in server and LF_MODSEC=5. Let's say I want to stop brute force attack on wp-login.php and /administrator/index.php, can I add like following
    SecAction "id:'900014', phase:request, nolog, pass, t:none, setvar:'tx.brute_force_protected_urls=/wp-login.php', setvar:'tx.brute_force_burst_time_slice=60', setvar:'tx.brute_force_counter_threshold=2', setvar:'tx.brute_force_block_timeout=300'"
    0
  • quizknows
    If the beginning of a line starts with a pound sign (#) then it is considered a "comment" and is not treated as code. "uncommenting" refers to removing that character, basically "activating" that line of code. So yes, you would have to remove the "#" character for the rule to be active (also you have to restart Apache). It is likely you could modify the rule for the proper URL(s) as you are suggesting. I would advise, however, leaving the rule "commented out" in the main file if that is how it comes, and rather copy the rule uncommented to modsec2.user.conf with your modifications. This way, when the OWASP rules update, your changes will not be over-written.
    0
  • prakashnplink
    Thanks for your brief description about # sign, quizknows
    0

Please sign in to leave a comment.