Here is a previous post with an example of using the "exec" action to call up the blacklist_webclient script (which is setuid so it can update iptables rules, etc.):


http://article.gmane.org/gmane.comp.apache.mod-security.user/5128


-Ryan


From: Dmitri Snytkine [mailto:d.snytkine@gmail.com]
Sent: Tuesday, March 31, 2009 11:25 AM
To: Ryan Barnett
Cc: mod-security-users@lists.sourceforge.net
Subject: Re: [mod-security-users] Need help integrating mod_security with firewall


I already have a firewall. I use the apf firewall; it has a simple command to add an IP to the list, something like /usr/bin/apf -d 10.12.12.12, where 10.12.12.12 is the IP address that will be added.

I just need to know how to execute an external command from mod_security and pass the IP address to that command.


On Tue, Mar 31, 2009 at 11:22 AM, Ryan Barnett <Ryan.Barnett@breach.com> wrote:

Use the blacklist client from Ivan’s security tools archive - http://www.apachesecurity.net/tools/index.html



From: Dmitri Snytkine [mailto:d.snytkine@gmail.com]
Sent: Tuesday, March 31, 2009 11:09 AM
To: mod-security-users@lists.sourceforge.net
Subject: [mod-security-users] Need help integrating mod_security with firewall


Hello!

This is what I need to do: if a mod_security rule matches, then I want to add the IP address the request came from to the firewall's block list.
The idea is that if someone attempts to post spam to my form, a security rule will catch that using the list of pre-defined spam words, and then I want to add that IP address to the firewall so that it will be blocked from accessing my server ever again.

Basically I just need to execute an external command from mod_security when the match occurs and pass the IP address to it.

Does anyone know how to do that?
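As an added example (not from the thread or from Ivan's tools archive), here is the shape such an exec script can take: a rule calls it on a match, the script reads the client address from its environment, validates it before handing it to the firewall command, and logs what it did. It assumes ModSecurity 2.x, which runs exec scripts with no arguments and exports CGI-style request variables such as REMOTE_ADDR into their environment; the rule id, the script path and the log path are hypothetical, and the apf command is the one mentioned in the thread.

```shell
#!/bin/sh
# Example exec script for ModSecurity (constructed for illustration).
# Hypothetical rule that would invoke it, placed in the Apache config:
#   SecRule ARGS "@pm viagra casino" \
#     "id:100001,phase:2,deny,log,msg:'Form spam',exec:/usr/local/bin/ban_client.sh"
# The script runs as the Apache user, so the firewall command needs a
# privilege mechanism (the thread mentions a setuid wrapper).
BAN_CMD="${BAN_CMD:-/usr/bin/apf -d}"       # firewall blacklist command
BAN_LOG="${BAN_LOG:-/var/log/modsec_ban.log}"  # hypothetical audit log

log() { echo "$(date -u +%FT%TZ) $*" >> "$BAN_LOG"; }

# Accept only a plain dotted-quad IPv4 address: never pass an unchecked
# value taken from the request environment to a privileged command.
valid_ipv4() {
    case "$1" in *[!0-9.]*|"") return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ -n "$octet" ] && [ "$octet" -le 255 ] 2>/dev/null || return 1
    done
    return 0
}

# Refuse loopback and RFC 1918 addresses: these are usually the server
# itself or a front-end proxy, and banning them locks out real traffic.
is_internal() {
    case "$1" in
        127.*|10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
    esac
    return 1
}

# Returns 0 when the address was banned, 2 if malformed, 3 if internal.
ban_client() {
    ip=$1
    valid_ipv4 "$ip" || { log "refused malformed address '$ip'"; return 2; }
    is_internal "$ip" && { log "skipped internal address $ip"; return 3; }
    $BAN_CMD "$ip" && log "banned $ip via: $BAN_CMD"
}

# Only act when invoked by ModSecurity (REMOTE_ADDR present), so the
# functions can be sourced and tested without touching the firewall.
if [ -n "$REMOTE_ADDR" ]; then
    ban_client "$REMOTE_ADDR"
fi
```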