All, Anything more on this?
Thanks. Dimitri On Tuesday 04 January 2011 4:22:20 pm Dimitri Yioulos wrote: > The value in the 10 config file is the default: > > SecAction > "phase:1,t:none,nolog,pass,setvar:tx.inbound_an >omaly_score_level=5" SecAction > "phase:1,t:none,nolog,pass,setvar:tx.outbound_a >nomaly_score_level=4" > > Dimitri > > > On Tuesday 04 January 2011 4:03:31 pm Ryan > Barnett > > wrote: > > The alerts say that there was a user-agent > > string match (mozilla 4.0( ) with the comment > > spam rules. This match raised the > > tx.inbound_anomaly_score to 3. What do you > > have this value set to in the 10 config file? > > By default the blocking level is 5. > > > > -- > > Ryan Barnett > > > > On Jan 4, 2011, at 3:46 PM, Dimitri Yioulos > > <[email protected]> wrote: > > > On Tuesday 04 January 2011 3:21:41 pm you > > wrote: > > >> On Tue, Jan 4, 2011 at 10:01 PM, Dimitri > > >> Yioulos > > > > > > <[email protected]> wrote: > > >>> Did I forget something in setting up > > >>> Anomoly Scoring Detection Mode, or > > >>> misconfigure something? > > >> > > >> Hi Dimitri, > > >> > > >> What do the logs say? > > >> > > >> -- > > >> - Josh > > > > > > Josh, > > > > > > I'm not great at deciphering the log > > > messages that modsec generates. I think > > > I've captured some relevant data, and put > > > it here: > > > > > > http://pastebin.com/kCQ9i8p4 > > > > > > Dimitri > > > > > > -- > > > This message has been scanned for viruses > > > and dangerous content by MailScanner, and > > > is believed to be clean. > > > > > > ___________________________________________ > > >__ __ Owasp-modsecurity-core-rule-set > > > mailing list > > > [email protected] > > >.o rg > > > https://lists.owasp.org/mailman/listinfo/ow > > >as p-modsecurity-core-rule-set -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. _______________________________________________ Owasp-modsecurity-core-rule-set mailing list [email protected] https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
