[mod-security-users] excessive logging in collaborative blocking mode
From: Ellison M. <em...@sc...> - 2013-11-13 02:48:24
I'm trying to set up mod_security with the CRS on a fairly high traffic site, which gets a lot of both legitimate and illegitimate traffic. I'm currently running in detection only mode with both log and auditlog, and I'm fairly happy with what's being flagged as illegitimate (after some tweaking).

The problem is, even with legitimate traffic, there are things like protocol violations, or URLs with special characters that proc some rules but don't break the collaborative threshold, which are logged as being LT the threshold. Hundreds of entries every few seconds.

I'm wondering if I should remove rule 981203 which appears to be responsible for the LT logging, or is there something I'm missing that can make this more reasonable.

--
Sincerely,
Ellison

Ellison Marks
Scratchspace Inc.
(831) 621-7928
http://www.scratchspace.com