hi Wesley, I'm not using WordPress, I'm trying to protect my application made in the Yii framework and its login URL looks like this: https://domainname.net/user/user/login/ How can I set the brute_force_protected_urls value for this kind of URL? I tried a few ways but it gave me a syntax error.
thanks, regards

On Thu, Aug 21, 2014 at 9:36 PM, Wesley Render <wren...@otherdata.com> wrote:
> In your modsecurity_crs_10_setup.conf file you need to make sure to
> uncomment, and define the paths for your login page. You will notice the
> first line of the rule is commented out with a regular pound symbol. Then
> restart Apache. Here is how mine looks. I set it up for WordPress and
> Drupal. It has been working well for WordPress brute force attempts:
>
> #
> # -- [[ Brute Force Protection ]] ---------------------------------------------------------
> #
> # If you are using the Brute Force Protection rule set, then uncomment the following
> # lines and set the following variables:
> # - Protected URLs: resources to protect (e.g. login pages) - set to your login page
> # - Burst Time Slice Interval: time interval window to monitor for bursts
> # - Request Threshold: request # threshold to trigger a burst
> # - Block Period: temporary block timeout
> #
> SecAction \
>   "id:'900014', \
>   phase:1, \
>   t:none, \
>   setvar:'tx.brute_force_protected_urls=#/wp-login.php# #/user#', \
>   setvar:'tx.brute_force_burst_time_slice=60', \
>   setvar:'tx.brute_force_counter_threshold=10', \
>   setvar:'tx.brute_force_block_timeout=300', \
>   nolog, \
>   pass"
>
> *Wesley Render, IT Consultant, RHCSA*
> Phone: 1.403.228.1221 ext 201
> www.otherdata.com
>
> *From:* owasp-modsecurity-core-rule-set-boun...@lists.owasp.org [mailto:owasp-modsecurity-core-rule-set-boun...@lists.owasp.org] *On Behalf Of* Sabin Ranjit
> *Sent:* August-21-14 4:17 AM
> *To:* owasp-modsecurity-core-rule-set@lists.owasp.org
> *Subject:* [Owasp-modsecurity-core-rule-set] crs against brute force not working
>
> hi,
>
> I'm using the latest ModSecurity rule set and I tried out crs_11_bruteforce
> from the experimental rules. But it's not working for me. I created a shortlink
> of it in the activated rules directory, restarted Apache, and when I
> brute force my web application login page the ModSecurity audit log doesn't
> give me any brute force warnings. What could be the problem? I'm using Burp
> Suite Pro version's Intruder for brute forcing.
>
> Can anyone point to a helpful resource that I can follow?
>
> thanks.
>
> regards
>
> sabin
_______________________________________________
Owasp-modsecurity-core-rule-set mailing list
Owasp-modsecurity-core-rule-set@lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
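As an added example (not code from this thread or from the OWASP CRS project): a small Python model of the three knobs set in the quoted SecAction, with the Yii login path from the question used as one of the protected URLs in the same `#/path#` notation. The exact-match path check and the counter/block logic are assumptions chosen for illustration; the real semantics are those of the CRS rule file, not this script.

```python
import re


class BruteForceGuard:
    """Per-IP request counter for protected URLs, modelled on the three
    tx.brute_force_* variables in the quoted SecAction (assumed semantics)."""

    def __init__(self, protected_urls, burst_time_slice, counter_threshold, block_timeout):
        # Same "#/path# #/other#" notation as the quoted config; each #...# entry
        # is taken as one path to protect (ASSUMPTION: exact match, not CRS's operator).
        self.protected = set(re.findall(r"#([^#]+)#", protected_urls))
        self.time_slice = burst_time_slice      # seconds the counter lives
        self.threshold = counter_threshold      # requests allowed per slice
        self.block_timeout = block_timeout      # seconds an IP stays blocked
        self.counters = {}                      # ip -> (count, slice_start)
        self.blocked = {}                       # ip -> block_expiry

    def is_protected(self, path):
        return path in self.protected

    def check(self, ip, path, now):
        """Return 'allow', 'block' (this request tripped the threshold) or
        'blocked' (IP is inside an earlier block period)."""
        if not self.is_protected(path):
            return "allow"
        expiry = self.blocked.get(ip)
        if expiry is not None:
            if now < expiry:
                return "blocked"
            del self.blocked[ip]                # block period is over
        count, start = self.counters.get(ip, (0, now))
        if now - start >= self.time_slice:      # slice expired: counter restarts
            count, start = 0, now
        count += 1
        self.counters[ip] = (count, start)
        if count > self.threshold:
            self.blocked[ip] = now + self.block_timeout
            del self.counters[ip]
            return "block"
        return "allow"


def simulate(login_path="/user/user/login/"):
    """Constructed scenario: 12 attempts in 33 s from one IP, then one request
    after the block expires, then a request to an unprotected page."""
    guard = BruteForceGuard("#/user/user/login/# #/wp-login.php#", 60, 10, 300)
    src = "198.51.100.7"                        # constructed sample address
    verdicts = [guard.check(src, login_path, t) for t in range(0, 36, 3)]
    verdicts.append(guard.check(src, login_path, 336))
    verdicts.append(guard.check(src, "/site/index", 337))
    return verdicts
```

With the quoted values (60 s slice, threshold 10, 300 s block) the eleventh attempt inside the slice trips the block and the twelfth is refused, which is the audit-log event the original question expected to see.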