Re: [mod-security-users] Help wanted in writing a rule
Brought to you by:
victorhora,
zimmerletw
From: Dick S. <di...@sc...> - 2006-06-18 08:50:29
|
Ivan, There are no logs in the log file about access to that script. Although I have a lot of rules, also the anti form spam ones. The file is called responder.cgi and is in the cgi-bin folder. It is used to sign up for newsletters on our website. I'd just like to block passing my core domain name to this script. Another question: in the logs I see access to viewtopic.php (phpbb forum), but the error code is 403 and not the defined 412 error code in case it is a mod security violation. Why is not error 412 shown? Dick "Ivan Ristic" <iva...@gm...> schrieb im Newsbeitrag news:1f9...@ma...... > On 6/16/06, Dick Schiferli <di...@sc...> wrote: >> Hi, >> >> I'd like to add a rule that filters a particular internal domain name we >> are >> using. We've noticed that hackers try to misuse a script by sending email >> addresses with this internal domain to it in the hope it will send out >> their >> spam stuff. The attempt is blocked but the app saves this as a "bounced >> email" and clogs up the blacklist. >> >> How would a rule look like to do that? > > It's difficult to tell because your description is very high level. > How exactly are the hackers trying to misuse the script? Send us an > audit log entry, or a link to the script, or something like that. > > -- > Ivan Ristic, Technical Director > Thinking Stone, http://www.thinkingstone.com > ModSecurity: Open source Web Application Firewall |