The value in the 10 config file is the default: SecAction "phase:1,t:none,nolog,pass,setvar:tx.inbound_anomaly_score_level=5" SecAction "phase:1,t:none,nolog,pass,setvar:tx.outbound_anomaly_score_level=4"
Dimitri On Tuesday 04 January 2011 4:03:31 pm Ryan Barnett wrote: > The alerts say that there was a user-agent > string match (mozilla 4.0( ) with the comment > spam rules. This match raised the > tx.inbound_anomaly_score to 3. What do you have > this value set to in the 10 config file? By > default the blocking level is 5. > > -- > Ryan Barnett > > On Jan 4, 2011, at 3:46 PM, Dimitri Yioulos <[email protected]> wrote: > > On Tuesday 04 January 2011 3:21:41 pm you wrote: > >> On Tue, Jan 4, 2011 at 10:01 PM, Dimitri > >> Yioulos > > > > <[email protected]> wrote: > >>> Did I forget something in setting up > >>> Anomoly Scoring Detection Mode, or > >>> misconfigure something? > >> > >> Hi Dimitri, > >> > >> What do the logs say? > >> > >> -- > >> - Josh > > > > Josh, > > > > I'm not great at deciphering the log messages > > that modsec generates. I think I've captured > > some relevant data, and put it here: > > > > http://pastebin.com/kCQ9i8p4 > > > > Dimitri > > > > -- > > This message has been scanned for viruses and > > dangerous content by MailScanner, and is > > believed to be clean. > > > > _____________________________________________ > >__ Owasp-modsecurity-core-rule-set mailing > > list > > [email protected] > >rg > > https://lists.owasp.org/mailman/listinfo/owas > >p-modsecurity-core-rule-set -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. _______________________________________________ Owasp-modsecurity-core-rule-set mailing list [email protected] https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
