Re: [Owasp-modsecurity-core-rule-set] Post with 200

2014-07-18 Thread Delia Lunsford
So this one rule will protect all WordPress sites on the server? If the forward slash is in front of the wp-login.php - doesn't that mean in the root or is it any wp-login.php anywhere?

SecRule REQUEST_METHOD "@streq POST" "chain,id:'1',phase:2,t:none,block,log,msg:'Warning: Direct Login Missing

Re: [Owasp-modsecurity-core-rule-set] Post with 200

2014-07-18 Thread Ryan Barnett
See this blog post - http://blog.spiderlabs.com/2013/04/defending-wordpress-logins-from-brute-force-attacks.html

Ryan Barnett
Senior Lead Security Researcher, SpiderLabs
Trustwave | SMART SECURITY ON DEMAND
www.trustwave.com

On Jul 18, 2014, at 7:31 AM, "Aniyan Rajan"

[Owasp-modsecurity-core-rule-set] Post with 200

2014-07-18 Thread Aniyan Rajan
Hello, I am getting the following in my /var/log/apache2/access.log. It is an attack I believe, as it has "http://". Please correct me if I am wrong. They have correctly identified my domain name also. Is it possible to prevent these by installing and configuring ModSecurity? Please suggest