Re: [mod-security-users] Rate Limiting using X-forwarded-For
From: Altgilbers, I. M <Ian...@tu...> - 2017-04-06 18:34:53
https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#REQUEST_HEADERS

We’ve used Mod Extract Forwarded or mod_rpaf in the past. Both put the X-Forwarded-For IP into REMOTE_ADDR, then you can use standard rules. More manageable than editing a bunch of rules to look for a particular header.

Ian Altgilbers
Senior Systems Administrator
Educational Technology Services
Tufts Technology Services
Tufts University
Phone: 617.627.0388
http://it.tufts.edu/ests

On Apr 6, 2017, at 10:56 AM, Alex <al...@nd...> wrote:

> Hello,
>
> I want to create a rate limiting rule, but using the X-Forwarded-For header.
> I googled for a rate limiting rule and came across the following:
>
>     SecRuleEngine On
>
>     <LocationMatch "^/somepath">
>       SecAction initcol:ip=%{REMOTE_ADDR},pass,nolog
>       SecAction "phase:5,deprecatevar:ip.somepathcounter=1/1,pass,nolog"
>       SecRule IP:SOMEPATHCOUNTER "@gt 60" "phase:2,pause:300,deny,status:509,setenv:RATELIMITED,skip:1,nolog"
>       SecAction "phase:2,pass,setvar:ip.somepathcounter=+1,nolog"
>       Header always set Retry-After "10" env=RATELIMITED
>     </LocationMatch>
>
>     ErrorDocument 509 "Rate Limit Exceeded"
>
> How do I modify this to use the X-Forwarded-For header, or any other header for that matter?
>
> Thank you
> Alex
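The rule set from the question, keyed on the X-Forwarded-For header through the REQUEST_HEADERS variable linked above, as an added example that is not part of either poster's message. It assumes ModSecurity 2.7 or later (required rule ids, `@ipMatch`); the proxy address 192.0.2.10 and the rule ids are constructed placeholders.

```apache
SecRuleEngine On

<LocationMatch "^/somepath">
    # X-Forwarded-For is client-controlled unless a known proxy wrote it.
    # Accept it only when the TCP peer is that proxy (placeholder address),
    # and take the LAST entry in the list: that is the one the proxy appended.
    # Earlier entries may have been supplied by the client.
    SecRule REMOTE_ADDR "@ipMatch 192.0.2.10" \
        "id:100001,phase:1,pass,nolog,chain"
        SecRule REQUEST_HEADERS:X-Forwarded-For "@rx ([0-9a-fA-F.:]+)\s*$" \
            "t:none,capture,setvar:tx.client_ip=%{TX.1}"

    # Direct connections, or a proxy request without a usable header:
    # fall back to the peer address so every request still gets a key.
    SecRule &TX:CLIENT_IP "@eq 0" \
        "id:100002,phase:1,pass,nolog,setvar:tx.client_ip=%{REMOTE_ADDR}"

    # Open the persistent IP collection under the chosen key.
    SecAction "id:100003,phase:1,pass,nolog,initcol:ip=%{TX.CLIENT_IP}"

    # Same counter logic as the original rules: deny above 60,
    # otherwise count the request; the counter decays by 1 per second.
    SecRule IP:SOMEPATHCOUNTER "@gt 60" \
        "id:100004,phase:2,deny,status:509,setenv:RATELIMITED,nolog"
    SecAction "id:100005,phase:2,pass,nolog,setvar:ip.somepathcounter=+1"
    SecAction "id:100006,phase:5,pass,nolog,deprecatevar:ip.somepathcounter=1/1"

    Header always set Retry-After "10" env=RATELIMITED
</LocationMatch>

ErrorDocument 509 "Rate Limit Exceeded"
```

Keying the collection on the raw header without the `@ipMatch` guard would let any client pick its own rate-limit bucket by sending a different X-Forwarded-For value on each request.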