GSR-IconBannerAd_v1d

Security Advisories

Trustwave Press Releases

« Finding Zero Days & Reading Your Mind in the Year 2052 | Main | TrustKeeper Scan Engine Update - December 18, 2012 »

18 December 2012

Comments

Ah ha:
$ cat /etc/httpd/modsecurity.d/httpbl.conf
SecHttpBlKey foobarbaz
SecRule TX:REAL_IP|REMOTE_ADDR "@rbl dnsbl.httpbl.org" "id:'99010',chain,phase:1,t:none,capture,block,msg:'HTTPBL Match of Client IP.',logdata:'%{tx.httpbl_msg}',setvar:tx.httpbl_msg=%{tx.0},deny,status:418"
SecRule TX:0 "threat score (\d+)" "chain,capture"
SecRule TX:1 "@gt 20"

SecRule ARGS "\.\./" "t:normalisePathWin,id:99999,severity:4,msg:'Drive Access',deny,status:406"

I give up, having read the mod_security manual I have no idea how to change the 4 lines given for httpbl so it blocks rather than logs.

SecRule TX:1 "@gt 20" "deny,status:406"

?

Verify your Comment

Previewing your Comment

This is only a preview. Your comment has not yet been posted.

Working...
Your comment could not be posted. Error type:
Your comment has been posted. Post another comment

The letters and numbers you entered did not match the image. Please try again.

As a final step before posting your comment, enter the letters and numbers you see in the image below. This prevents automated programs from posting comments.

Having trouble reading this image? View an alternate.

Working...

Post a comment