|
From: Patrick R. <P.R...@ma...> - 2022-03-07 00:18:17
|
Hi all,
I’ve got the following snippet from our Apache configuration which successfully provides rate limiting protection against a PHP resource.
How can I run a shell command when this rule kicks in so that we are alerted that rate limiting protection has been activated (preferably without it being run hundreds of times) ?
Scenario is that I would like to know when this rule kicks in – we’ve got a busy production environment and would refer a script to be run (rather than trying to process the HTTPD logs after the fact).
<LocationMatch "^/course/view.php.*">
SecRule REQUEST_HEADERS:X-Forwarded-For "@unconditionalMatch" "phase:2,initcol:ip=%{MATCHED_VAR},pass,nolog,id:100"
SecRule IP:ACCESS_COUNT "@gt 1" "phase:2,pause:300,deny,status:429,setenv:RATELIMITED,skip:1,nolog,id:102"
SecAction "phase:2,setvar:ip.access_count=+1,pass,nolog,id:103"
SecAction "phase:5,ctl:auditEngine=On,deprecatevar:ip.access_count=1/1,pass,nolog,id:104"
Header always set Retry-After "10" env=RATELIMITED
</LocationMatch>
ErrorDocument 429 "Rate Limited"
With Thanks,
Patrick Rynhart
|
