|
From: Chip <jef...@gm...> - 2018-03-27 00:33:20
|
Thank you for that. I ask because I read this post: https://security.stackexchange.com/questions/31556/securing-a-simple-webservice-against-brute-force-with-mod-security in which the author states a rate-limiting rule exsists in the ruleset but I can't find it. So I'm confused. If V3 has it where is it, how to I activate a brute force mitigation rule? Here is a snippet from that discussion: There are rate-limiting rule set in ModSecurity CRS that does not directly correlate whether the authentication attempt was successful or not. Following is one of the Rule |SecRule IP:BRUTE_FORCE_COUNTER "@gt %{tx.brute_force_counter_threshold}" "phase:5,id:'981042',t:none,nolog,pass,t:none, setvar:ip.brute_force_burst_counter=+1, expirevar:ip.brute_force_burst_counter=%{tx.brute_force_burst_time_slice}, setvar:!ip.brute_force_counter" | On 03/26/2018 08:23 PM, Osama Elnaggar wrote: > v3 contains everything you need. I’d suggest removing the older > ruleset if possible so you don’t accidentally enable it > > -- > Osama Elnaggar > > On March 27, 2018 at 11:10:48 AM, Chip (jef...@gm... > <mailto:jef...@gm...>) wrote: > >> WHM/Cpanel server running on CENTOS 6.9 with OWASP ModSecurity Core >> Rule Set and OWASP ModSecurity Core Rule Set V 3.0 available. >> >> Only ModSecurity Core Rule Set V 3.0 has been activated. >> >> I can see from information that V 3.0 is an enhancement to OWASP >> ModSecurity Core Rule Set but I am at a loss in the following way: >> must BOTH rule sets be activated for total coverage or does the V 3.0 >> contain everything in the >> OWASP ModSecurity Core Rule Set but with enhancements? >> >> This is not clear at least to me, anyway. >> >> Thanks. >> >> >> ------------------------------------------------------------------------------ >> >> Check out the vibrant tech community on one of the world's most >> engaging tech sites, Slashdot.org! >> http://sdm.link/slashdot_______________________________________________ >> mod-security-users mailing list >> mod...@li... >> <mailto:mod...@li...> >> https://lists.sourceforge.net/lists/listinfo/mod-security-users >> Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: >> http://www.modsecurity.org/projects/commercial/rules/ >> http://www.modsecurity.org/projects/commercial/support/ |
