Re: [mod-security-users] Can we consume Third Party IP reputation list?
From: Blason R <bla...@gm...> - 2020-04-14 04:14:05
Well, with v2.9.0-RC1 it seems it supports loading content served by an HTTPS server.

On Mon, Apr 13, 2020 at 6:46 PM homesh joshi <ho...@gm...> wrote:

> Hi Blason,
>
> If you can keep an IP list in a txt file, e.g. bad-ip.txt, e.g.
>
> cat bad-ip.txt
> 1.1.1.1
> 2.2.2.2
> .
> .
> n.n.n.n
>
> Then you can call this list in a modsec rule like the example mentioned below.
>
> SecRule REMOTE_ADDR "@ipMatchFromFile /file-path-for bad-ip.txt/bad-ip.txt" "id:6005,\
> phase:request,log,\
> msg:'Threat Intel',\
> tag:'Local-bad-reputation',\
> severity:'CRITICAL',\
> maturity:'9',\
> accuracy:'9',\
> rev:'1',\
> capture,\
> drop"
>
> I have set the action as "drop", which will do a "tcp reset" and hence save my Apache sessions from getting full by these bad IPs.
>
> After every time you update the file you will need to reload / restart the Apache service.
>
> I am running this with Apache 2.4 and modsecurity 2.9.3 for the past 1 year without any issue.
>
> Hope this helps.
>
> Thanks,
>
> Homesh
>
> On Mon, Apr 13, 2020 at 4:38 PM Blason R <bla...@gm...> wrote:
>
>> Hi Folks,
>>
>> Wondering if we can consume any third party IP reputation list through
>> modsec?
>> Just like we internally generate our own IP reputation list through
>> honeypot and wanted to know if I can use that?
>>
>> TIA
>> Blason R
>> _______________________________________________
>> mod-security-users mailing list
>> mod...@li...
>> https://lists.sourceforge.net/lists/listinfo/mod-security-users
>> Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs:
>> http://www.modsecurity.org/projects/commercial/rules/
>> http://www.modsecurity.org/projects/commercial/support/
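
The workflow described in this thread (a honeypot-generated list kept in bad-ip.txt, read with @ipMatchFromFile, Apache reloaded after each update) can be scripted. The following is an added example, not part of any message in the thread: it validates a raw feed so that placeholder or malformed lines never reach the file, refuses entries that overlap a never-block list, and reports whether a reload is needed. The NEVER_BLOCK ranges, the function names and the sample feed are assumptions constructed for illustration.

```python
import ipaddress
import os
import tempfile

# Assumption: ranges that must never be dropped (loopback, internal proxies).
NEVER_BLOCK = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "10.0.0.0/8", "::1/128")]

def clean_feed(lines, never_block=NEVER_BLOCK):
    """Return (entries, rejected) for a raw feed, one IP or CIDR per line."""
    keep, rejected = set(), []
    for raw in lines:
        text = raw.split("#", 1)[0].strip()      # tolerate comments in the feed
        if not text:
            continue
        try:
            net = ipaddress.ip_network(text, strict=False)
        except ValueError:                        # e.g. "n.n.n.n" or "."
            rejected.append(raw.strip())
            continue
        protected = any(net.version == n.version and net.overlaps(n) for n in never_block)
        if net.prefixlen == 0 or protected:       # a poisoned feed must not block everyone
            rejected.append(raw.strip())
            continue
        keep.add(net)
    ordered = sorted(keep, key=lambda n: (n.version, n.network_address, n.prefixlen))
    entries = [str(n.network_address) if n.prefixlen == n.max_prefixlen else str(n)
               for n in ordered]
    return entries, rejected

def write_if_changed(path, entries):
    """Atomically replace the list file; True means Apache needs a reload."""
    new = "".join(e + "\n" for e in entries)
    try:
        with open(path, encoding="utf-8", errors="replace") as fh:
            if fh.read() == new:
                return False
    except FileNotFoundError:
        pass
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
    with os.fdopen(fd, "w", encoding="ascii") as fh:
        fh.write(new)
    os.chmod(tmp, 0o644)                          # readable by the Apache user
    os.replace(tmp, path)                         # readers never see a partial file
    return True

if __name__ == "__main__":
    feed = ["203.0.113.7", "198.51.100.9/24", "n.n.n.n", "10.1.2.3"]  # constructed sample
    entries, rejected = clean_feed(feed)
    if write_if_changed("bad-ip.txt", entries):
        print("bad-ip.txt changed; reload Apache so the rule picks it up")
    print("rejected:", rejected)
```

Logging the rejected lines on every run makes a feed that suddenly starts listing internal or catch-all ranges visible before it turns into an outage.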