Re: [Mod-security-developers] Configuring Denial of Service Attack Detection
From: Ryan B. <RBa...@tr...> - 2011-04-25 21:34:58
Please sign up and post this message to the main mod-security-users list - http://lists.sourceforge.net/lists/listinfo/mod-security-users

--
Ryan Barnett
Senior Security Researcher
Trustwave – SpiderLabs

From: "Abdullah, Ayub" <Ayu...@tt...>
Reply-To: "mod...@li..." <mod...@li...>
Date: Mon, 25 Apr 2011 09:20:50 -0500
To: "mod...@li..." <mod...@li...>
Subject: [Mod-security-developers] Configuring Denial of Service Attack Detection

Good Morning,

We are currently using Mod_security 2.5.13 / CRS 2.10 in our environment and we were under the impression that Denial of service attacks was a newly added feature that allows this functionality. Well, we have been running into all sorts of problems getting this set up correctly. At the moment we have enabled xforwarding for on our proxy servers which gives us the ability to identify offending IPs that are attacking us. We would like to defend against these denial of service attacks using mod_security and the httpd-guardian tool.

From what I have read and assuming httpd-guardian is already configured, we only need to add one line to the Apache configuration to deploy it:

    SecGuardianLog |/path/to/httpd-guardian

When I insert the above line it blocks all IPs to the site. How do I configure this to blacklist just the offending IP?

Thanks,
Ayub

________________________________

This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format.