On Mon, Jan 7, 2013 at 7:26 PM, Emmanuel Darko <eda...@promnetwork.com> wrote:

> We do scan our network every other week and this generates the error log
> below, we would like to filter it out so we do not get paged for it as it
> generates about 3,00 error logs
>

Hi Emmanuel,

There are a number of ways you can handle authorized scanning. You may want to read:

http://blog.spiderlabs.com/2010/12/advanced-topic-of-the-week-handling-authorized-scanning-traffic.html

--
- Josh

>
> “Sat Dec 29 14:07:32 2012 [error] [client 10.32.60.6] ModSecurity:Warnig
> Operator LT match 20 at TX:inbound_anomaly_score.
> "/etc/httpd/modsecurity.d/base_rules/modsecurity_crs_60_correlation.conf:]
> [line "31"]
> [msg "Inbound Anomaly Score (Total Inbound score: 15, SQLi=, XSS=) : Host
> header is a numeric IP address'] [hostname "67.126.8.65"]
> [url"/default.jsp"]”
>
> I have read a few blogs on this but want to be sure of the action to be
> taken, so if someone can give me an idea which will simplify what I have
> read via google.
>
> Thanks
>
> Emma
>
> _______________________________________________
> Owasp-modsecurity-core-rule-set mailing list
> Owasp-modsecurity-core-rule-set@lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
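
One way to do what the question asks, as an added example that is not part of the thread or of the linked post: exempt the scanner's source address from rule processing and logging. The address is the client shown in the quoted log; the rule ids, the file placement, the `ExampleScanner` string and the ModSecurity 2.7+ syntax are assumptions.

```apache
# Added example, not from the thread or the CRS project.
# Assumptions: the authorized scanner is the 10.32.60.6 client from the
# quoted log line, ModSecurity 2.7+ (rule ids are mandatory), and ids
# 1000001/1000002 are unused in the local rule range (hypothetical ids).
#
# Load this file BEFORE the CRS base_rules so it is evaluated first in
# phase 1, ahead of the rules that raise the anomaly score.

# Weak variant, shown only for contrast and left commented out:
# matching on a request header exempts anyone who sends that header,
# because the client controls its value ("ExampleScanner" is constructed).
#
# SecRule REQUEST_HEADERS:User-Agent "@contains ExampleScanner" \
#     "id:1000002,phase:1,t:none,nolog,allow,ctl:ruleEngine=Off"

# Preferred variant: bind the exemption to the scanner's source address.
#   allow                -> stop processing further rules for this request
#   ctl:ruleEngine=Off   -> no rule matches, so no anomaly score and no
#                           [error] line from the correlation rule
#   ctl:auditEngine=Off  -> no audit log entry either, even when the
#                           response status alone would make it "relevant"
#   nolog                -> this exemption rule itself stays silent
SecRule REMOTE_ADDR "@ipMatch 10.32.60.6" \
    "id:1000001,phase:1,t:none,nolog,allow,ctl:ruleEngine=Off,ctl:auditEngine=Off"
```

Requests from the exempted address are not inspected at all, so the scan exercises the application rather than the rule set. If the web server sits behind a proxy or load balancer, `REMOTE_ADDR` is that device's address and the match has to be made on the real client address instead.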