Hi,
I need to add to my local rules exceptions for theses 2 recurring problems :
Rule: 31533 (level 10) -> 'High amount of POST requests in a small period
of time (likely bot).'
""POST /socket.io/?EIO=3&transport=p....
Rule: 31533 fired (level 10) -> "High amount of POST requests in a small
period of time (likely bot)."
"POST
/index.php?date=yesterday&module=Live&action=getLastVisitsStart&segment=&idSite=1&period=day
For the first on, I have added :
<rule id="100014" level="0">
<if_sid>31533</if_sid>
<url>^/socket.io/</url>
<description>Ignoring Humhub Polls module activation events, phpMyAdmin
and HackMd (socket.io).</description>
</rule>
But it doesn't work...
And for the second one, as it starts with /index.php I don't know what to
put.
An idea ?
Thanks a lot for your help,
Marc.
--
---
You received this message because you are subscribed to the Google Groups
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ossec-list+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
