Hi, I need to add to my local rules exceptions for these 2 recurring problems:
Rule: 31533 (level 10) -> 'High amount of POST requests in a small period of time (likely bot).'
""POST /socket.io/?EIO=3&transport=p....

Rule: 31533 fired (level 10) -> "High amount of POST requests in a small period of time (likely bot)."
"POST /index.php?date=yesterday&module=Live&action=getLastVisitsStart&segment=&idSite=1&period=day

For the first one, I have added:

<rule id="100014" level="0">
  <if_sid>31533</if_sid>
  <url>^/socket.io/</url>
  <description>Ignoring Humhub Polls module activation events, phpMyAdmin and HackMd (socket.io).</description>
</rule>

But it doesn't work...

And for the second one, as it starts with /index.php, I don't know what to put.

Any ideas?

Thanks a lot for your help,
Marc.