Hello,
I'm digging through the internet to find out how to parse a JSON response
and create a rule.
To be more specific, here is the layout:
1. Layer 1 Nginx with ModSecurity
2. Layer 2 Application server
3. Layer 3 ....
Scenario:
A user tries to do some illegal things which are known only to the application
server, where all the business is. Let's say, for example, a password spray
attack.
What I would like to establish on ModSecurity:
The application server will send back a JSON response with code 401 and JSON
{IP: a.t.t.a.c.k.e.r i.p}; ModSecurity would catch the response, see the code
(e.g. 401), parse the JSON body and put that IP on a blacklist for xy minutes.
Thanks in advance for your time to reply.
Boris