|
From: Manuel S. <spa...@gm...> - 2019-04-15 01:46:59
|
Hi Boris, do you use OWASP CRS? Which version?
If you don’t use CRS, you will have to write the blacklisting logic and not only the setting the ip to be blacklisted.
Cheers!
Sent from my iPhone
> On 14 Apr 2019, at 15:36, Boris Kočar <bor...@gm...> wrote:
>
> Hello,
>
> I'm digging through internet to find out about how to parse JSON response and create the rule.
>
> To be more specific here is a layout:
> 1. Layer 1 Nginx with Modsecurity
> 2. Layer 2 Application server
> 3. Layer 3 ....
>
> Scenario:
> when user try to do some illegal things which is known only to application server where is all the business. Let say for example spray password attack.
>
> What I like to establish on Modsecurity:
> Application server will send back json response with code 401 and json {IP: a.t.t.a.c.k.e.r i.p}, Modsecurity would catch response, see code (e.g. 401), parse json body and put that IP on black list for xy minutes.
>
> Thanks in front for your time to reply.
>
> Boris
>
>
>
>
>
>
>
> _______________________________________________
> mod-security-users mailing list
> mod...@li...
> https://lists.sourceforge.net/lists/listinfo/mod-security-users
> Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs:
> http://www.modsecurity.org/projects/commercial/rules/
> http://www.modsecurity.org/projects/commercial/support/
|
