Re: [mod-security-users] Blocking based on content posted
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [mod-security-users] Blocking based on content posted
|
From: Jamuse <ja...@gm...> - 2010-09-26 06:31:45
|
On Sun, Sep 26, 2010 at 4:47 AM, Michael Warchut <mwa...@co...>wrote: > I have a website that has a contact page on it that can reach out 20k or so > members individually. Lately spammers have been posting to that page to > each member individually. It is always the same message to each of them. > Is there an easy way to block this restricting it to the know posting URL > and by scanning the posting for a know value that shows up every time. Like > an email address per se. > Hi Michael, Say for example the email address was att...@ex..., something like the following rule should work: SecRule ARGS "att...@ex..." phase:2,t:none,t:lowercase,t:compressWhitespace,deny You could further tighten this up to only look in the appropriate parameter name as well. -- - Josh |
