Re: [mod-security-users] mod_security - alert mail
From: Christian F. <chr...@ne...> - 2018-01-11 17:05:34
Hey Edouard,

On Thu, Jan 11, 2018 at 01:13:51PM -0300, Edouard Guigné wrote:
> I supposed users often ask for this, is there a way to configure
> mod_security to get alert emails when some rules are activated ?
> And to configure what activated rules are allowed to send email alert ? (I
> do not want every activated rules send alert by email).

There are various options and you need to build this yourself.

Personally, I think detection / blocking and alerting should be separated.
But there is nothing stopping you from using the exec action in phase 5
to trigger an email. But think about the number of emails you get when
somebody runs a vulnerability scan on your site.

I think it is smarter to sit on the logs and scan them for alerts, add some
intelligence and then do the alarming. That way you can make sure that
there is at most a message every 5 minutes or stuff like that. It's hard to
get that right from within ModSec.

Just my 2 cents.

Ahoj,

Christian

>
> Best regards,
> EG

--
https://www.feistyduck.com/training/modsecurity-training-course
https://www.feistyduck.com/books/modsecurity-handbook/
mailto:chr...@ne...
twitter: @ChrFolini
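The log-scanning approach described in the reply, as an added example that is not part of the original message or of ModSecurity itself: it alerts only on an allowlist of rule ids and releases at most one digest per 5 minutes, leaving mail delivery to the caller. The Apache 2.4 / ModSecurity 2.x error-log layout, IPv4 clients, the rule ids, the file path and all sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Assumed layout: Apache 2.4 error log with ModSecurity 2.x fields, IPv4 clients.
LINE_RE = re.compile(r'^\[(?P<ts>[^\]]+)\].*?\[client (?P<client>[^\]:]+)[^\]]*\]'
                     r'.*?ModSecurity:.*?\[id "(?P<id>\d+)"\].*?\[msg "(?P<msg>[^"]*)"\]')
TS_FMT = "%a %b %d %H:%M:%S.%f %Y"

class AlertThrottle:
    """Collect alerts for selected rule ids; release at most one digest per window."""
    def __init__(self, alert_ids, window=timedelta(minutes=5)):
        self.alert_ids, self.window = set(alert_ids), window
        self.pending, self.last_sent = [], None

    def feed(self, line):
        m = LINE_RE.search(line)
        if not m or m["id"] not in self.alert_ids:
            return None                      # not a rule we alert on
        ts = datetime.strptime(m["ts"], TS_FMT)
        self.pending.append((m["id"], m["client"], m["msg"]))
        if self.last_sent is not None and ts - self.last_sent < self.window:
            return None                      # quiet period: keep collecting
        self.last_sent = ts
        return self.flush()

    def flush(self):
        """Return the pending alerts as one message body, or None if empty."""
        if not self.pending:
            return None
        counts, self.pending = Counter(self.pending), []
        return "\n".join(f"{n}x rule {rid} from {client}: {msg}"
                         for (rid, client, msg), n in counts.items())

def digests(lines, alert_ids):
    throttle = AlertThrottle(alert_ids)
    out = [d for d in map(throttle.feed, lines) if d]
    tail = throttle.flush()                  # alerts still queued at end of input
    return out + ([tail] if tail else [])

def sample(ts, rid, msg):                    # constructed log line, not real traffic
    return (f'[Thu Jan 11 {ts} 2018] [:error] [pid 4242] [client 203.0.113.7:40112] '
            f'ModSecurity: Warning. [file "/etc/modsecurity/rules.conf"] '
            f'[id "{rid}"] [msg "{msg}"] [severity "CRITICAL"]')

SQLI = "SQL Injection Attack Detected via libinjection"
SAMPLE_LOG = [sample("17:00:01.000000", "942100", SQLI),   # first hit: sent at once
              sample("17:00:02.000000", "942100", SQLI),   # scanner burst: queued
              sample("17:00:02.500000", "920350", "Host header is a numeric IP address"),
              sample("17:00:03.000000", "942100", SQLI),
              sample("17:06:10.000000", "942100", SQLI)]   # window over: one digest
```

The quiet period here is driven by log timestamps, so queued alerts are released only when the next matching line arrives; a process that tails the log live would also call `flush()` on a timer.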