Hello, I have used the ModSecurity rule list for cPanel and installed the OWASP vendor through WHM. There are rules which we can turn OFF and ON. I have turned all rules ON. My question is how to turn ON brute force attack prevention mode, because I do not see it in the OWASP vendor rules for cPanel (https://documentation.cpanel.net/display/CKB/OWASP%20ModSecurity%20CRS)?
Can anyone tell me if the below is the correct method to prevent brute force attacks in cPanel for WordPress and Joomla websites?

1. Go to https://github.com/SpiderLabs/owasp-modsecurity-crs/tree/master/experimental_rules and copy modsecurity_crs_11_brute_force.conf <https://github.com/SpiderLabs/owasp-modsecurity-crs/blob/master/experimental_rules/modsecurity_crs_11_brute_force.conf> to /usr/local/apache/conf/modsec_vendor_configs/OWASP/rules/

2. Load the file in /usr/local/apache/conf/modsec2.cpanel.conf

3. Open the following file and edit it:

   # vi /usr/local/apache/conf/modsec_vendor_configs/OWASP/modsecurity_crs_10_setup.conf

   Replace the following:

   SecAction "id:'900014', phase:request, nolog, pass, t:none, setvar:'tx.brute_force_protected_urls=#/login.jsp# #/partner_login.php#', setvar:'tx.brute_force_burst_time_slice=60', setvar:'tx.brute_force_counter_threshold=10', setvar:'tx.brute_force_block_timeout=300'"

   with:

   SecAction "id:'900014', phase:request, nolog, pass, t:none, setvar:'tx.brute_force_protected_urls=#/wp-login.php# #/administrator/index.php#', setvar:'tx.brute_force_burst_time_slice=60', setvar:'tx.brute_force_counter_threshold=5', setvar:'tx.brute_force_block_timeout=300'"

   Then restart Apache.

ADDITIONAL QUESTIONS:

1. So in tx.brute_force_protected_urls=, is "#" used as the separator?
   tx.brute_force_protected_urls=#login1.php# #login2.php# #login3.php# #login4.php#

FYI: I have implemented it as above but it didn't work. :) Waiting for reply....
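An added example, not from the post above or from the CRS project, that models what the four tx.brute_force_* settings mean so the thresholds can be reasoned about before testing on a live server. It assumes that each protected URL is written as a '#/path#' token separated by spaces and that a request matches when '#<path>#' occurs in that list; the per-client counter, time-slice reset and block-timeout logic is a simplified model of the rule file, not its exact rule chain.

```python
# Added example (not from the post or the CRS project): a simplified model of
# the tx.brute_force_* settings. Assumed: '#/path#' tokens delimit protected
# URLs, and the counter/block logic is a simplification of the real rules.

PROTECTED_URLS = "#/wp-login.php# #/administrator/index.php#"  # from the post
BURST_TIME_SLICE = 60   # tx.brute_force_burst_time_slice (seconds)
COUNTER_THRESHOLD = 5   # tx.brute_force_counter_threshold
BLOCK_TIMEOUT = 300     # tx.brute_force_block_timeout (seconds)


def parse_protected_urls(value):
    """Turn '#/a# #/b#' into ['/a', '/b']: the '#' markers delimit each URL."""
    return [tok[1:-1] for tok in value.split()
            if len(tok) > 2 and tok[0] == "#" and tok[-1] == "#"]


def is_protected(path, value=PROTECTED_URLS):
    """Wrap the request path in '#' and look for it inside the list."""
    return f"#{path}#" in value


class BruteForceGuard:
    """Per-client state keyed by IP, like ModSecurity's ip.* collection."""

    def __init__(self):
        self.state = {}

    def handle(self, ip, path, now):
        """Return 'block', 'count' or 'pass' for one request at time `now` (s)."""
        st = self.state.setdefault(
            ip, {"counter": 0, "slice_start": now, "blocked_until": 0})
        if now < st["blocked_until"]:
            return "block"                  # still inside block_timeout
        if not is_protected(path):
            return "pass"                   # only protected URLs are counted
        if now - st["slice_start"] >= BURST_TIME_SLICE:
            st["counter"], st["slice_start"] = 0, now   # new time slice
        st["counter"] += 1
        if st["counter"] >= COUNTER_THRESHOLD:
            st["blocked_until"] = now + BLOCK_TIMEOUT
            st["counter"] = 0
            return "block"
        return "count"


def simulate(requests):
    """Run constructed (ip, path, seconds) requests through one guard."""
    guard = BruteForceGuard()
    return [guard.handle(ip, path, t) for ip, path, t in requests]
```

With the post's values, a client's fifth hit on /wp-login.php inside one 60-second slice is blocked for 300 seconds, while four hits followed by a pause past the slice boundary start a fresh count.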
_______________________________________________ Owasp-modsecurity-core-rule-set mailing list Owasp-modsecurity-core-rule-set@lists.owasp.org https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set