y Render
Cc:
owasp-modsecurity-core-rule-set@lists.owasp.org<mailto:owasp-modsecurity-core-rule-set@lists.owasp.org>
Subject: Re: [Owasp-modsecurity-core-rule-set] crs against brute force not
working
naah!! I tried it, its not working for me. I used the value like that but when
i do brute for
300', \
>
> nolog, \
>
> pass"
>
>
>
>
>
>
>
> [image: Otherdata_Logo_2011]
>
> *Wesley Render, IT Consultant, RHCSA*
>
> Phone: 1.403.228.1221 ext 201
>
> www.otherdata.com
>
>
>
> [image: findonfacebook] <http://www.
security-core-rule-set@lists.owasp.org
Subject: Re: [Owasp-modsecurity-core-rule-set] crs against brute force not
working
naah!! I tried it, its not working for me. I used the value like that but when
i do brute force attempt in the web application with random username and
password it gives
_threshold=10', \
>
> setvar:'tx.brute_force_block_timeout=300', \
>
> nolog, \
>
> pass"
>
>
>
>
>
> [image: Otherdata_Logo_2011]
>
> *Wesley Render, IT Consultant, RHCSA*
>
> Phone: 1.403.228.1221 ext 201
>
> www.othe
ust-21-14 10:39 AM
To: Wesley Render
Cc: owasp-modsecurity-core-rule-set@lists.owasp.org
Subject: Re: [Owasp-modsecurity-core-rule-set] crs against brute force not
working
hi Wesley,
I'm not using wordpress, I'm try to protect my application made in Yii
framework and its
; *From:* owasp-modsecurity-core-rule-set-boun...@lists.owasp.org [mailto:
> owasp-modsecurity-core-rule-set-boun...@lists.owasp.org] *On Behalf Of *Sabin
> Ranjit
> *Sent:* August-21-14 4:17 AM
> *To:* owasp-modsecurity-core-rule-set@lists.owasp.org
> *Subject:* [Owasp-modsecurity-cor
y-core-rule-set-boun...@lists.owasp.org] On Behalf Of
Sabin Ranjit
Sent: August-21-14 4:17 AM
To: owasp-modsecurity-core-rule-set@lists.owasp.org
Subject: [Owasp-modsecurity-core-rule-set] crs against brute force not working
hi,
im using latest modsecurity rule set and i tried out crs_11_bru
hi,
im using latest modsecurity rule set and i tried out crs_11_bruteforce from
experimental rule. But its not working for me. I created a shortlink of it
in the activated rules directory, restarted the apache and when i brute
force my web application login page the modsecurity audit log dont give