|
From: Ivan R. <iv...@we...> - 2005-01-22 00:00:21
|
HerKonu Team - Black wrote: > Hi, > First of all, thank you for your response. Our server is running on > the Suse/Linux. However, we do not know how to write(design) rules to > identify the attacks. If you can help us with that, we would be very > glad. Also, when you talk about the logs, do you mean the server logs > about the attacks, or the logs taken by the mod_security? Web server logs. I'll write the rules you show me one Apache access log entry that belongs to the attackers. -- Ivan Ristic (http://www.modsecurity.org) |
