Re: [mod-security-users] core rules
Brought to you by:
victorhora,
zimmerletw
From: marty <ma...@go...> - 2008-07-13 17:50:16
|
> I am not sure what are you looking for. The core rules block immediately, > there is no waiting, and ModSecurity enables only either drop (TCP FIN) or > deny (Error status response). Maybe you refer to a missing ModSecurity > behavior? One thing that ModSecurity does not have is a real "drop" that > responds with nothing. Would this help you? > I have seen mod in action for a long time. and have replaced every deny with drop, but of course that still sends a response. That leaves me to employ other tricks to tear down the connection immediately via the exec function. Expensive kludge that is not always timely. When I say 'drop' I expect a real drop, not more TCP traffic. Any response at all gives the attacker information. Thanks Marty B. -- Electile Dysfunction : the inability to become aroused over any of the choices for President put forth by either party in the 2008 election. |