hi,
im using latest modsecurity rule set and i tried out crs_11_bruteforce from
experimental rule. But its not working for me. I created a shortlink of it
in the activated rules directory, restarted the apache and when i brute
force my web application login page the modsecurity audit log dont give
Hello,
the third-to-last branch in rule 981245 in
modsecurity_crs_41_sql_injection_attacks.conf matches things like
©somename.jpg. Is that intended? It doesn't look much like an SQL
injection to me and names like these unfortunately occur quite
frequently on our servers. I can of course modify
In your modsecurity_crs_10_setup.conf file you need to make sure to uncomment,
and define the paths for your login page. You will notice the first line of
the rule is commented out with a regular pound symbol. Then restart apache.
Here is how mine looks. I set it up for WordPress and Drupal.
I believe you would just set yours like this (Just include the URL after the
domain name)….
#
# -- [[ Brute Force Protection ]]
-
#
# If you are using the Brute Force Protection rule set, then uncomment the
following
# lines and
naah!! I tried it, its not working for me. I used the value like that but
when i do brute force attempt in the web application with random username
and password it gives me nothing in the mod audit log. I'm using burp suit
pro intruder for testing.
Have you tried it besides wordpress? Wonder what