Hi guys,
I need your help to override one of the built-in rules (I prefer
overriding to editing the built-in rules, to make upgrading easier).
There is an Apache rule that I find way too extreme:
<rule id="30109" level="9">
  <if_sid>30101</if_sid>
  <regex>user \S+ not found</regex>
  <description>Attempt to login using a non-existent user.</description>
  <group>invalid_login,</group>
</rule>
It causes an active-response the FIRST time a user makes a mistake
with his username. I want to change it to 5 tries.
So I added to my "local_rules.xml" file:
<group name="apache,">
  <rule id="30109" level="5">
    <if_sid>30101</if_sid>
    <regex>user \S+ not found</regex>
    <description>Attempt to login using a non-existent user.</description>
    <group>invalid_login,</group>
  </rule>
  <rule id="100301" level="9" frequency="5" timeframe="120">
    <if_matched_sid>30109</if_matched_sid>
    <regex>user \S+ not found</regex>
    <description>Attempt to login using a non-existent user.</description>
    <group>invalid_login,</group>
  </rule>
</group> <!-- ERROR_LOG,APACHE -->
But this does not work. The built-in apache rule gets called instead
of my "override". So far I have only been able to make it work by
deleting the rule from the apache.xml file.
Does anyone know how I can accomplish this without editing any of the
built-in files?
Thanks,
Charles
____________________________________________________
Institut Balear de Comunicacions, S.L.
Gremio Tejedores 22, 1
07009 Palma de Mallorca, Spain
Tel: +34 971.45.90.99 | Mobile: +34 607.87.12.77
Fax: +34 971.43.08.18 | E-mail: [EMAIL PROTECTED]
URL: http://www.ibacom.es/
____________________________________________________
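
Added example, not part of the original post or of OSSEC's shipped rules: a local_rules.xml for the override described above, assuming an OSSEC version whose <rule> element supports the overwrite="yes" attribute. The rule IDs, levels, frequency and timeframe are the ones from the post; the changed description text on rule 100301 is an assumption made for readability.

```xml
<!-- local_rules.xml (added example; assumes overwrite="yes" is supported) -->
<group name="apache,">

  <!-- Redefine built-in rule 30109 locally. overwrite="yes" tells the
       analysis engine to replace the definition loaded earlier from the
       shipped Apache rules file instead of keeping the original, so the
       shipped file stays untouched across upgrades. -->
  <rule id="30109" level="5" overwrite="yes">
    <if_sid>30101</if_sid>
    <regex>user \S+ not found</regex>
    <description>Attempt to login using a non-existent user.</description>
    <group>invalid_login,</group>
  </rule>

  <!-- Escalate to level 9 only when 30109 repeats within 120 seconds.
       if_matched_sid already restricts this rule to events that matched
       30109, so the regex does not need to be repeated here.
       The exact number of events at which a frequency rule fires depends
       on the OSSEC version; confirm it with ossec-logtest. -->
  <rule id="100301" level="9" frequency="5" timeframe="120">
    <if_matched_sid>30109</if_matched_sid>
    <description>Repeated attempts to login using a non-existent user.</description>
    <group>invalid_login,</group>
  </rule>

</group>
```

Whether an active response runs still depends on the level or rule IDs configured in the active-response section of ossec.conf, so that threshold has to sit above the new level 5 for the single-mistake case to stop triggering it.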