Re: [mod-security-users] Network Attack v2.8 and Referers
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [mod-security-users] Network Attack v2.8 and Referers
|
From: Oliver S. <Bor...@gm...> - 2005-04-11 11:53:41
|
Sorry if that is wrong on this list. I don't even know whether mod_security supports exactly this feature. But I would do it in mod_rewrite as described in the Rewrite Guide: http://httpd.apache.org/docs-2.0/misc/rewriteguide.html E.g. denying access to certain user agents could be done like this: ----------------------------- RewriteEngine on RewriteCond %{HTTP_USER_AGENT} ^FireFox - Network Attack v2.8 RewriteRule ^/.* - [F] ----------------------------- Similarly for referrers: ----------------------------- RewriteEngine on RewriteCond %{HTTP_REFERER} ^http://www.tahribat.com RewriteRule ^/.* - [F] ----------------------------- HTTP_REFERER is spelled correctly - it was a typo in the first NSCA server which still exists for compatibility. Oliver > Hi, > I want to learn, if we can ban ips with certain log entries by > mod_security, for example, in the harvest part: "Network Attack v2.8". > Also, can we reject the connections to our server from certain > referers such as "www.sanaldarbe.com" , "www.tahribat.com" and > "www.tithac.com". If we can, then can you help us with this issue? > Thank you for your time and attention. > > Log Examples: > > 213.208.67.82 - - [09/Apr/2005:13:34:49 +0200] "GET /index.php > HTTP/1.0" 200 1177 "-" "FireFox - Network Attack v2.8 - fuck you" > 212.405.32.11 - - [09/Apr/2005:13:34:49 +0200] "GET /index.php > HTTP/1.0" 200 1177 "-" "FireFox - Network Attack v2.8 - tithack" > > > ------------------------------------------------------- > SF email is sponsored by - The IT Product Guide > Read honest & candid reviews on hundreds of IT Products from real users. > Discover which products truly live up to the hype. Start reading now. > http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > -- --------------------------------------------------- May the source be with you, stranger ;) ICQ: #281645 URL: http://assarbad.net |
