Security Advisories

Trustwave Press Releases

« Finding Zero Days & Reading Your Mind in the Year 2052 | Main | TrustKeeper Scan Engine Update - December 18, 2012 »

18 December 2012


Ah ha:
$ cat /etc/httpd/modsecurity.d/httpbl.conf
SecHttpBlKey foobarbaz
SecRule TX:REAL_IP|REMOTE_ADDR "@rbl" "id:'99010',chain,phase:1,t:none,capture,block,msg:'HTTPBL Match of Client IP.',logdata:'%{tx.httpbl_msg}',setvar:tx.httpbl_msg=%{tx.0},deny,status:418"
SecRule TX:0 "threat score (\d+)" "chain,capture"
SecRule TX:1 "@gt 20"

SecRule ARGS "\.\./" "t:normalisePathWin,id:99999,severity:4,msg:'Drive Access',deny,status:406"

I give up, having read the mod_security manual I have no idea how to change the 4 lines given for httpbl so it blocks rather than logs.

SecRule TX:1 "@gt 20" "deny,status:406"


Verify your Comment

Previewing your Comment

This is only a preview. Your comment has not yet been posted.

Your comment could not be posted. Error type:
Your comment has been posted. Post another comment

The letters and numbers you entered did not match the image. Please try again.

As a final step before posting your comment, enter the letters and numbers you see in the image below. This prevents automated programs from posting comments.

Having trouble reading this image? View an alternate.


Post a comment

Your Information

(Name is required. Email address will not be displayed with the comment.)