Re: [mod-security-users] Retry-After header not being set?
From: Andrew H. <and...@lo...> - 2022-02-21 14:03:53
Hi Jamie,

> Regarding the phasing, please can you tell me which numbers to use to make
> that work? All the examples I have found use the same phase numbers. If I
> set them the same, presumably the counter will never move?

You _could_ try moving your deprecatevar rule to phase 2 so that it's executed before your deny rule, but that may well introduce unintended side effects I haven't considered... (The point of having deprecatevar execute in phase 5, as I understand it, is so that it takes place unconditionally: putting it elsewhere could result in it being skipped or removed or for something unforeseen to happen, breaking the whole construct.)

You might have more luck decoupling the detection and blocking logic by setting an "is_blocked" flag, checking for that, and then playing with variable expiry times. You could even zero-out your counting/detection variable on a successful block, so that it's back to 0 again once a temporary block is over.

There are some examples like this in the ModSecurity Handbook, and I've seen a few tutorials online doing similar things. I'd still recommend steering clear of doing this in ModSecurity, though :)

Thanks,
Andrew

--
Andrew Howe
Loadbalancer.org Ltd.
www.loadbalancer.org
+1 888 867 9504 / +44 (0)330 380 1064
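The decoupled detection/blocking approach described in the message above, sketched as ModSecurity 2.x rules. This is an added example, not taken from the thread or from the ModSecurity Handbook; the rule ids, the `/login` path, the threshold and the expiry times are constructed, and it assumes `SecDataDir` is configured so the `IP` collection persists between requests.

```apache
# Added example (assumptions: ModSecurity 2.x, SecDataDir set; ids, path,
# threshold and timings below are constructed for illustration).

# Open the per-client persistent collection before any rule reads it.
SecAction "id:100000,phase:1,pass,nolog,initcol:ip=%{REMOTE_ADDR}"

# Blocking: enforce an existing temporary block. Only the flag is checked
# here, so the block lasts exactly as long as the flag's own expiry.
SecRule IP:is_blocked "@eq 1" \
    "id:100001,phase:1,deny,status:429,log,\
    msg:'Client temporarily blocked'"

# Detection: count matching requests in phase 5 (logging), which runs
# whether or not an earlier phase denied the request. The chained check
# skips counting while the client is already blocked, so requests made
# during a block do not extend it.
SecRule REQUEST_URI "@beginsWith /login" \
    "id:100002,phase:5,pass,nolog,chain"
    SecRule &IP:is_blocked "@eq 0" \
        "setvar:ip.counter=+1,\
        expirevar:ip.counter=60"

# Threshold reached: raise the flag with its own 300-second expiry and
# zero the counter, so counting starts from 0 once the block is over.
SecRule IP:counter "@gt 10" \
    "id:100003,phase:5,pass,nolog,\
    setvar:ip.is_blocked=1,\
    expirevar:ip.is_blocked=300,\
    setvar:ip.counter=0"
```

Because `expirevar:ip.counter=60` is re-applied on every counted request, the counter only disappears after 60 seconds without a matching request; the first denied request is the one that arrives after the flag has been set in phase 5 of the request that crossed the threshold.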