On Sun, Jun 9, 2013 at 1:48 AM, Josh Amishav-Zlatin <jam...@owasp.org> wrote:

> On Sat, Jun 8, 2013 at 5:04 AM, Aniyan Rajan <aniyan.raj...@gmail.com> wrote:
>
>> Hello,
>>
>> I have added the following to modsecurity_crs_55_marketing.conf. Is this
>> okay? Or is there any conventional method to block more bots?
>>
>> SecRule REQUEST_HEADERS:User-Agent "bing(?:bot|ptc)" \
>>         "phase:2,rev:'2.2.5',t:none,t:lowercase,block,msg:'Bing robot activity',id:'910009',severity:'6'"
>>
>>
> Hi Aniyan,
>
> My comment before about not directly editing the CRS rules was mainly
> because when you upgrade the rules you'll need to remember all the changes
> you made and edit/update the new version as well. While there are several
> ways to handle custom rules, I personally use a rules.conf file from which
> my custom and CRS rules are included.
>

Just keep the original tar.gz and, before upgrading, do a directory
comparison with a tool. This will fetch the changes in any other
configurations too - 10 file. I use meld.

I hope that the following will catch the two strings 'bingbot' and 'bingptc'.
Am I correct?
"bing(?:bot|ptc)"

Thanks.


_______________________________________________
Owasp-modsecurity-core-rule-set mailing list
Owasp-modsecurity-core-rule-set@lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
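
The rule quoted in this thread, run through a small Python stand-in for its `t:none,t:lowercase` pipeline and unanchored regex match. This is an added example, not part of the original messages and not ModSecurity itself. The User-Agent strings are constructed samples, and `parse_rule`, `matches` and `report` are hypothetical helper names.

```python
import re
import shlex

# The rule from the thread, with the mail-wrapped lines joined.
RULE = ('SecRule REQUEST_HEADERS:User-Agent "bing(?:bot|ptc)" '
        '"phase:2,rev:\'2.2.5\',t:none,t:lowercase,block,'
        'msg:\'Bing robot activity\',id:\'910009\',severity:\'6\'"')

# Only the transformation this rule uses is modelled here.
TRANSFORMS = {"lowercase": str.lower}

# Constructed sample User-Agent values (not taken from real traffic).
SAMPLES = [
    "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)",
    "Mozilla/5.0 (compatible; Bingbot/2.0)",          # mixed case
    "BingPTC/1.0",                                    # second alternative
    "mybingbotfan/1.0",                               # substring hit
    "Mozilla/5.0 (Windows NT 6.1) BingPreview/1.0b",  # not bot or ptc
    "msnbot/2.0b (+http://search.msn.com/msnbot.htm)",
]

def parse_rule(text):
    """Return (variable, compiled regex, transformation functions)."""
    _, variable, pattern, actions = shlex.split(text)
    pipeline = []
    # Split the action list on commas that are outside single quotes.
    for action in re.split(r",(?=(?:[^']*'[^']*')*[^']*$)", actions):
        name, _, value = action.partition(":")
        if name == "t":
            if value == "none":
                pipeline = []  # t:none clears inherited transformations
            else:
                pipeline.append(TRANSFORMS[value])
    return variable, re.compile(pattern), pipeline

def matches(rule_text, user_agent, apply_transforms=True):
    """Apply the transformations, then do an unanchored regex search."""
    _, rx, pipeline = parse_rule(rule_text)
    value = user_agent
    for fn in (pipeline if apply_transforms else []):
        value = fn(value)
    return rx.search(value) is not None

def report(rule_text=RULE, samples=SAMPLES):
    return {ua: matches(rule_text, ua) for ua in samples}

if __name__ == "__main__":
    for ua, hit in report().items():
        print("MATCH   " if hit else "no match", ua)
```

Because the pattern is unanchored, it matches `bingbot` or `bingptc` anywhere in the header, and `t:lowercase` is what makes mixed-case values such as `Bingbot` match.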
