Thursday, May 24, 2007 6:39 AM, prasetyo wrote:
Saya berkeinginan untuk blok DAP (user yang biasa
pakai DAP) yang biasa download, makanya saya gunakan
iptables l7-filter layer tetapi ketika saya gunakan
iptables hasilnya iptables: Unknown error 4294967295
Gimana ya
Maaf mungkin ga jawab pertanyaannya. Tadi iseng coba-coba masukkin rule di
mod_security -> modsecurity.org.
mod_security.conf
---
SecAuditLog /var/log/httpd/audit_log
SecFilterDefaultAction "deny,log,status:500"
#SecFilterSelective HTTP_USER_AGENT "DA 5.3"
SecFilterSelective HTTP_USER_AGENT "DA "
---
Di windows saya pake DAP 5.3 untuk download.
# cat /var/log/httpd/access_log
---cut---
"http://www.soundrenaline.org/download/"; "Mozilla/4.0 (compatible; MSIE 6.0;
Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
192.168.100.2 - - [23/May/2007:17:06:05 +0700] "GET /download/ca_setup.exe
HTTP/1.1" 500 670 "http://www.soundrenaline.org/download/"; "DA 5.3"
192.168.100.2 - - [23/May/2007:17:06:07 +0700] "GET /download/ca_setup.exe
HTTP/1.1" 500 670 "http://www.soundrenaline.org/download/"; "DA 5.3"
---cut---
# cat /var/log/httpd/error_log
---cut---
[Wed May 23 17:06:05 2007] [error] [client 192.168.100.2] mod_security:
Access denied with code 500. Pattern match "DA " at HEADER("USER-AGENT")
[severity "EMERGENCY"] [hostname "www.soundrenaline.org"] [uri
"/download/ca_setup.exe"]
[Wed May 23 17:06:07 2007] [error] [client 192.168.100.2] mod_security:
Access denied with code 500. Pattern match "DA " at HEADER("USER-AGENT")
[severity "EMERGENCY"] [hostname "www.soundrenaline.org"] [uri
"/download/ca_setup.exe"]
---cut---
# cat /var/log/httpd/audit_log
---cut---
==62f41a4d==============================
Request: www.soundrenaline.org 192.168.100.2 - - [23/May/2007:17:06:07
+0700] "GET /download/ca_setup.exe HTTP/1.1" 500 670
"http://www.soundrenaline.org/download/"; "DA 5.3" - "-"
----------------------------------------
GET /download/ca_setup.exe HTTP/1.1
Host: www.soundrenaline.org
Accept: */*
User-Agent: DA 5.3
Connection: close
Range: bytes=0-
Referer: http://www.soundrenaline.org/download/
mod_security-message: Access denied with code 500. Pattern match "DA " at
HEADER("USER-AGENT") [severity "EMERGENCY"]
mod_security-action: 500
HTTP/1.1 500 Internal Server Error
Content-Length: 670
Connection: close
Content-Type: text/html; charset=iso-8859-1
--62f41a4d--
---cut---
---
Anton Faisal El - Fasya
--
FAQ milis di http://wiki.linux.or.id/FAQ_milis_tanya-jawab
Unsubscribe: kirim email ke [EMAIL PROTECTED]
Arsip dan info milis selengkapnya di http://linux.or.id/milis
