Re: [mod-security-users] Collections_remove_stale: Failed deleting collection
From: Rainer J. <rai...@ki...> - 2015-08-25 09:45:30
On 25.08.2015 at 10:47, Sophie Loewenthal wrote:
> Hi Barry,
>
> Thank you for your well penned reply.
>
> For a quick fix, I have put the directory into a ram disc, and
> shall run some pruning methods from cron.
>
> Your other suggestion requires I spend more time on how I should
> differentiate between static and dynamic content, although I doubt any
> static is requested because this is a soap gateway. Looking anyway :)
>
> How else could I reduce modsec traffic? If I could wrap this code
> up into a LocationMatch and place inside a vhost entry, maybe this could
> help.
>
> Management would like a list of potential offenders by IP.
> How could I adapt this code to add logging of IP and/or request into a
> file? I looked at SecAuditLogParts and enabling everything I could not
> see if it hit a rule. Currently this runs in detection mode.
> I have logging enabled on this rule:
> SecRule IP:SOMEPATHCOUNTER "@gt 120" \
> "phase:2,pause:100,deny,status:509,setenv:RATELIMITED,skip:1,log,id:10000003,msg:Sophie_10000003"
> But would like an IP address logged when it was sent a 509 status message.
> Still reading
> https://www.feistyduck.com/library/modsecurity-handbook-free/online/ch04-logging.html
> !

Since 509 is very specific, why not take the IP from the normal access log of the web server?

Regards,
Rainer
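
The access-log approach suggested in the reply above, as an added example that is not part of the original thread: it lists client IPs that were sent a 509, with hit counts and the request lines involved. It assumes Apache's common/combined log format with the client address as the first field; the function name and the sample log lines are constructed for illustration.

```python
import re
from collections import Counter

# Apache common/combined format: host ident user [time] "request" status bytes ...
# The status is matched right after the quoted request, so a "509" that
# appears in a URL or in the byte count is not mistaken for the status code.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<request>(?:[^"\\]|\\.)*)" (?P<status>\d{3}) (?P<size>\S+)'
)

def offenders(lines, status="509"):
    """Return [(ip, hits, sorted request lines)] for `status`, most hits first."""
    hits = Counter()
    requests = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m.group("status") != status:
            continue  # unparsable line or a different status code
        ip = m.group("ip")
        hits[ip] += 1
        requests.setdefault(ip, set()).add(m.group("request"))
    return [(ip, n, sorted(requests[ip])) for ip, n in hits.most_common()]

# Constructed sample access-log lines (documentation address ranges).
SAMPLE_LOG = """\
192.0.2.10 - - [25/Aug/2015:09:40:01 +0200] "POST /soap/gateway HTTP/1.1" 200 512 "-" "client/1.0"
192.0.2.10 - - [25/Aug/2015:09:40:02 +0200] "POST /soap/gateway HTTP/1.1" 509 226 "-" "client/1.0"
192.0.2.10 - - [25/Aug/2015:09:40:02 +0200] "POST /soap/gateway HTTP/1.1" 509 226 "-" "client/1.0"
198.51.100.7 - - [25/Aug/2015:09:41:10 +0200] "GET /soap/gateway?wsdl HTTP/1.1" 509 226 "-" "probe"
203.0.113.5 - - [25/Aug/2015:09:42:00 +0200] "GET /report/509 HTTP/1.1" 200 509 "-" "browser"
192.0.2.10 - - [25/Aug/2015:09:43:30 +0200] "POST /soap/other HTTP/1.1" 509 226 "-" "client/1.0"
"""

if __name__ == "__main__":
    for ip, count, reqs in offenders(SAMPLE_LOG.splitlines()):
        print(f"{count:6d}  {ip}  {'; '.join(reqs)}")
```

To run it against a real log, pass an open file object to `offenders()` in place of the sample lines.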