Re: [Mod-security-developers] Configuring Denial of Service Attack Detection
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [Mod-security-developers] Configuring Denial of Service Attack Detection
|
From: Abdullah, A. <Ayu...@tt...> - 2011-04-26 15:24:47
|
Yes, I posted the message and I received the following highlighted email which has nothing to do with the issue that I am having:
-----Original Message-----
From: Breno Silva Pinto (JIRA) [mailto:no...@mo...]
Sent: Monday, April 25, 2011 3:09 PM
To: mod...@li...
Subject: [Mod-security-developers] [JIRA] Resolved: (MODSEC-233) decodeBase64Ext does not follow naming convention
[ https://www.modsecurity.org/tracker/browse/MODSEC-233?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Breno Silva Pinto resolved MODSEC-233.
--------------------------------------
Resolution: Fixed
Yes. It was already fixed for rc2.
Thanks
> decodeBase64Ext does not follow naming convention
> -------------------------------------------------
>
> Key: MODSEC-233
> URL: https://www.modsecurity.org/tracker/browse/MODSEC-233
> Project: ModSecurity
> Issue Type: Improvement
> Security Level: Normal
> Reporter: Ivan Ristic
> Assignee: Breno Silva Pinto
> Fix For: 2.6.0
>
>
> The name of the decodeBase64Ext transformation function does not follow the naming convention. The names of all other transformation functions end with "Decode", including the previously-existing base64Decode. decodeBase64Ext should be called base64DecodeExt.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://www.modsecurity.org/tracker/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
------------------------------------------------------------------------------
WhatsUp Gold - Download Free Network Management Software
The most intuitive, comprehensive, and cost-effective network
management toolset available today. Delivers lowest initial
acquisition cost and overall TCO of any competing solution.
http://p.sf.net/sfu/whatsupgold-sd
_______________________________________________
mod-security-developers mailing list
mod...@li...
https://lists.sourceforge.net/lists/listinfo/mod-security-developers
ModSecurity Services from Trustwave's SpiderLabs:
https://www.trustwave.com/spiderLabs.php
-----Original Message-----
From: Ryan Barnett [mailto:RBa...@tr...]
Sent: Monday, April 25, 2011 5:35 PM
To: mod...@li...
Subject: Re: [Mod-security-developers] Configuring Denial of Service Attack Detection
Please sign up and post this message to the main mod-security-users list -
http://lists.sourceforge.net/lists/listinfo/mod-security-users
--
Ryan Barnett
Senior Security Researcher
Trustwave - SpiderLabs
From: "Abdullah, Ayub" <Ayu...@tt...<mailto:Ayu...@tt...>>
Reply-To: "mod...@li...<mailto:mod...@li...>" <mod...@li...<mailto:mod...@li...>>
Date: Mon, 25 Apr 2011 09:20:50 -0500
To: "mod...@li...<mailto:mod...@li...>" <mod...@li...<mailto:mod...@li...>>
Subject: [Mod-security-developers] Configuring Denial of Service Attack Detection
Good Morning,
We are currently using Mod_security 2.5.13 /CRS 2.10 in our environment and we were under the impression that Denial of service attacks was a newly added feature that allows this functionality. Well we have been running into all sorts of problems getting this set up correctly. At the moment we have enabled xforwarding for on our proxy servers which gives us the ability to identify offending IPs that are attacking us. We would like defend against these denial of service attacks using mod_security and the httpd-guardian tool.
>From what I have read and assuming httpdguardian is already configured, we only need to add one line to the Apache configuration to deploy it:
SecGuardianLog |/path/to/httpd-guardian
When I insert the above line it blocks all IPs to the site. How do I configure this to blacklist just the offending IP?
Thanks,
Ayub
________________________________
This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format.
------------------------------------------------------------------------------
WhatsUp Gold - Download Free Network Management Software
The most intuitive, comprehensive, and cost-effective network
management toolset available today. Delivers lowest initial
acquisition cost and overall TCO of any competing solution.
http://p.sf.net/sfu/whatsupgold-sd
_______________________________________________
mod-security-developers mailing list
mod...@li...
https://lists.sourceforge.net/lists/listinfo/mod-security-developers
ModSecurity Services from Trustwave's SpiderLabs:
https://www.trustwave.com/spiderLabs.php
|
