Re: [mod-security-users] Collections_remove_stale: Failed deleting collection
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [mod-security-users] Collections_remove_stale: Failed deleting collection
|
From: Sophie L. <sop...@tr...> - 2015-08-25 10:02:26
|
Hi Rainer , >> Since 509 is very specific, why not taking the IP from the normal access log of the web server? Mod_Sec is running in Detection Only mode. Would this be logged in the access log? Sophie On 8/25/2015 11:27 AM, Rainer Jung wrote: > Am 25.08.2015 um 10:47 schrieb Sophie Loewenthal: >> Hi Barry, >> >> Thank you for your well penned reply. >> >> For an quick fix, I have put the directory into a ram disc, and >> shall run some pruning methods from cron. >> >> Your other suggestion require I spend more time on how I should >> differentiate between static and dynamic content, although I doubt any >> static is requested because this is a soap gateway. Looking anyway :) >> >> How else could I reduce modsec traffic? If I could wrap this code >> up into a LocationMatch and place inside a vhost entry, maybe this could >> help. >> >> Management would like a list of potential offenders by IP. >> How could I adapt this code to add logging of IP and or request into a >> file? I looked at SecAuditLogParts and enabling everything I could not >> see of it hit a rule. Currently this runs in detection mode. >> I have logging enabled on this rule: >> SecRule IP:SOMEPATHCOUNTER "@gt 120" >> "phase:2,pause:100,deny,status:509,setenv:RATELIMITED,skip:1,log,id:10000003,msg:Sophie_10000003" >> But would like an IP address logged when it was sent a 509 status message. >> Still reading >> https://www.feistyduck.com/library/modsecurity-handbook-free/online/ch04-logging.html >> ! > Since 509 is very specific, why not taking the IP from the normal access > log of the web server? > > Regards, > > Rainer > > > ------------------------------------------------------------------------------ > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > http://www.modsecurity.org/projects/commercial/rules/ > http://www.modsecurity.org/projects/commercial/support/ |
