Re: [mod-security-users] ModSec / CRS: Use of GeoIP & ASN information
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [mod-security-users] ModSec / CRS: Use of GeoIP & ASN information
|
From: <az...@po...> - 2022-10-20 13:45:20
|
Hi! > One idea I’m toying with is creating an interstitial page similar to > Cloudflare’s “Checking your browser..” page. For ASNs which are > problematic it would be a bit safer to force someone to perform a > hCaptcha or something check before they can get through to the > intended site and set a cookie. I think this might be possible but a > little bit difficult to create entirely using mod_security though, > so I’m thinking about writing a new (and relatively simple) Apache > module. I’d love to hear if someone has already done this! My ModSecurity reCAPTCHA library may help you with this, check it out (needs Lua support in ModSec): https://github.com/azurit/modsecurity-recaptcha azurit > > Joel > >> On 19 Oct 2022, at 12:04 am, Christian Folini >> <chr...@ne...> wrote: >> >> Hi there, >> >> During the years, I have found the use of GeoIP (& ASN) information in >> #ModSecurity / @CoreRuleSet very useful. Yet very few people do >> this for GeoIP and practically nobody for ASN. >> >> It really helps to weed out false positives or defend in case of certain >> persistent attacks. >> >> Since good documentation on the subject is scare, here is how to get this >> into your setup: >> >> https://www.netnea.com/cms/2022/10/12/using-geoip-information-together-with-modsecurity/(Also covered in my 2nd webcast last week: >> https://www.youtube.com/watch?v=OBVwdqEFmX0) >> >> I have also covered this in my 2nd ModSec / CRS webcast last week (plus some >> additional interesting stuff): >> https://www.youtube.com/watch?v=OBVwdqEFmX0 >> >> Best, >> >> Christian >> >> >> -- >> Ultimately, motivation gets us started, >> but discipline and habit are what enable us to finish. >> -- Matthew Helmke >> >> >> _______________________________________________ >> mod-security-users mailing list >> mod...@li... >> https://lists.sourceforge.net/lists/listinfo/mod-security-users >> Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: >> http://www.modsecurity.org/projects/commercial/rules/ >> http://www.modsecurity.org/projects/commercial/support/ > > > > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > http://www.modsecurity.org/projects/commercial/rules/ > http://www.modsecurity.org/projects/commercial/support/ |
