Check out the Anti-Automation / DoS Protection option in crs-setup.conf.
By default it is not enabled, but you can enable the rule, which will in turn
trigger the rules in REQUEST-912-DOS-PROTECTION.conf.
--
Osama Elnaggar
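Added example, not part of the original thread: the DoS protection block of a stock CRS 3.0.x crs-setup.conf, first as shipped (commented out) and then enabled. Rule id 900700 and the three default values are taken from the stock file as an assumption about your copy; compare them with the installed crs-setup.conf before editing.

```apache
# --- As shipped: disabled, so REQUEST-912-DOS-PROTECTION.conf does nothing ---
#SecAction \
# "id:900700,\
#  phase:1,\
#  nolog,\
#  pass,\
#  t:none,\
#  setvar:'tx.dos_burst_time_slice=60',\
#  setvar:'tx.dos_counter_threshold=100',\
#  setvar:'tx.dos_block_timeout=600'"

# --- Enabled: uncomment the block and tune the values for your traffic ---
# dos_burst_time_slice   window, in seconds, over which requests are counted
# dos_counter_threshold  requests (static files excluded) in one window that
#                        count as a "burst"
# dos_block_timeout      seconds a client stays blocked after two bursts
SecAction \
 "id:900700,\
  phase:1,\
  nolog,\
  pass,\
  t:none,\
  setvar:'tx.dos_burst_time_slice=60',\
  setvar:'tx.dos_counter_threshold=100',\
  setvar:'tx.dos_block_timeout=600'"

# The counters live in the persistent IP collection, so ModSecurity 2.x needs
# a SecDataDir that the web server user can write to.
```

This throttles request volume per client address. Like the rule quoted later in the thread, it does not correlate with whether an authentication attempt succeeded.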
On March 27, 2018 at 11:33:11 AM, Chip (jef...@gm...) wrote:
Thank you for that.
I ask because I read this post:
https://security.stackexchange.com/questions/31556/securing-a-simple-webservice-against-brute-force-with-mod-security
in which the author states a rate-limiting rule exists in the ruleset but
I can't find it. So I'm confused. If V3 has it, where is it, and how do I
activate a brute force mitigation rule?
Here is a snippet from that discussion:
There is a rate-limiting rule set in ModSecurity CRS that does not directly
correlate whether the authentication attempt was successful or not.
Following is one of the rules:
SecRule IP:BRUTE_FORCE_COUNTER "@gt %{tx.brute_force_counter_threshold}" \
    "phase:5,id:'981042',t:none,nolog,pass,t:none,\
    setvar:ip.brute_force_burst_counter=+1,\
    expirevar:ip.brute_force_burst_counter=%{tx.brute_force_burst_time_slice},\
    setvar:!ip.brute_force_counter"
On 03/26/2018 08:23 PM, Osama Elnaggar wrote:
v3 contains everything you need. I’d suggest removing the older ruleset if
possible so you don’t accidentally enable it.
--
Osama Elnaggar
On March 27, 2018 at 11:10:48 AM, Chip (jef...@gm...) wrote:
WHM/Cpanel server running on CENTOS 6.9 with OWASP ModSecurity Core Rule
Set and OWASP ModSecurity Core Rule Set V 3.0 available.
Only ModSecurity Core Rule Set V 3.0 has been activated.
I can see from information that V 3.0 is an enhancement to OWASP
ModSecurity Core Rule Set but I am at a loss in the following way: must
BOTH rule sets be activated for total coverage or does the V 3.0 contain
everything in the OWASP ModSecurity Core Rule Set but with enhancements?
This is not clear at least to me, anyway.
Thanks.
mod-security-users mailing list
mod...@li...
https://lists.sourceforge.net/lists/listinfo/mod-security-users