Hi all,
I have a site which is routinely scanned both internally and by
an external service.
I want to have mod_security running and intervening but don't want any
of the associated log noise. The scans originate from known IPs and
have known User agents etc., so I can easily identify them.
So far I h
Hi Paul,
In which phase are you putting your ctl:auditEngine=off rule?
The ModSecurity default phase is 2. You might want to turn off the
audit-logging as soon as possible, so putting your rule into phase 1
and moving it to the very beginning should solve your problem.
Best regards,
Chris
This blog post describes a new script that we just added to the CRS SVN repo
/util directory which will auto-create virtual patches from XML data from the
Arachni web application security scanner framework tool -
http://blog.spiderlabs.com/2011/08/modsecurity-advanced-topic-of-the-week-automated
On 8/18/11 3:21 AM, "Paul McGarry" wrote:
>Hi all,
>
>I have a site which is routinely scanned both internally and by
>an external service.
>I want to have mod_security running and intervening but don't want any
>of the associated log noise. The scans originate from known IPs and
>have known User a
On 8/18/11 1:15 AM, "Paul McGarry" wrote:
>Thanks for the feedback.
>
>On Wed, Aug 17, 2011 at 10:36 PM, Ryan Barnett
>wrote:
>> Thanks for the feedback Paul. FYI - you can review some of the
>>reference
>
>> For the specific rule you mentioned - 981242 - this is a converted
>>phpids
>
>Incide
I think there is a bug that won't allow us to omit log entries to the audit
log. In my case, I tried several different phases and crs files as you can
see below:
in modsecurity_crs_48_local_exceptions.conf AND I tried
modsecurity_crs_15_customrules.conf
- SecRule REQUEST_HEADERS:User-Agent "pi
I am a total newbie. How can I block an IP for a while, if, for
example, the critical anomaly score reaches some point?
Anna
___
Owasp-modsecurity-core-rule-set mailing list
Owasp-modsecurity-core-rule-set@lists.owasp.org
https://lists.owasp.org/mailman/lis