Hi All, I would like to know more about the experimental rules related to the following rules.

modsecurity_crs_11_brute_force.conf
modsecurity_crs_11_dos_protection.conf
modsecurity_crs_11_slow_dos_protection.conf

As per my knowledge, these rules should block the users when the conditions mentioned in the modsecurity_crs_10_config.conf file are met. I am trying to simulate the dos attack by modifying the properties as mentioned below but my IP is not getting blocked even after multiple tries.

    SecAction \
      "id:'900015', \
      phase:1, \
      t:none, \
      setvar:'tx.dos_burst_time_slice=40', \
      setvar:'tx.dos_counter_threshold=3', \
      setvar:'tx.dos_block_timeout=20', \
      nolog, \
      pass"

Am I missing anything or is blocking dependent on any other properties? Mod security is 'On' and not in detection mode. Environment is unix and the required conf files are added in the httpd.conf. Have not modified anything in modsecurity_crs_11_dos_protection.conf file. I am new to mod security rules, so any information would be of great help.

From the logs I am able to see the following lines. Tried to print the dos counter value but nothing is being displayed.

    Message: Warning. Match of "rx \\.(jpe?g|png|gif|js|css|ico)$" against "REQUEST_BASENAME" required. [file "/etc/httpd/modsecurity-crs/experimental_rules/modsecurity_crs_11_dos_protection.conf"] [line "30"] [id "981047"] [msg "counter is "]

Regards,
Deepak.