Re: [mod-security-users] strange DNS query
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [mod-security-users] strange DNS query
|
From: Ervin H. <ai...@gm...> - 2024-11-02 09:30:16
|
Hi Hans, as Robert explained, this is because ModSecurity has a feature (see the blogpost). Please note that there is an intention that we would like to stop using this variable. It's been set to "Off" for a while, see https://github.com/owasp-modsecurity/ModSecurity/issues/3085. You need to update this in your config file (especially since TrustWave transferred the project to OWASP these DNS queries don't work at all). Thanks, a. On Fri, Nov 1, 2024 at 9:37 PM Hans Mayer via mod-security-users < mod...@li...> wrote: > > Dear All, > > I am using Apache/2.4.62 on Debian with the modsecurity-crs package > which is Producer ModSecurity for Apache/2.9.7 and Rule Set > OWASP_CRS/4.9.0-dev > > Each time I restart Apache I find a strange log entry in BINDs query log. > The system is looking for a name > > GIXDSLRXFRAXAYLDNBSSYMJOG4XDELZR.FY3S4MRMGEYC4NBSF4WEY5LBEA2S4MJM.GIXDSLRRGQWGGMY.1730491019.status.modsecurity.org > as A resource record which does not exists. > The query is almost the same except the number ( 1730491019 ) wich is > the Unix time. > Also this string GIXDSLRRGQWGGMY is different on different servers. > > Any idea for what this should be useful ? Does it make sense ? > Which part is actually doing this ? > > Kind regards > Hans > > -- > > > > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > http://www.modsecurity.org/projects/commercial/rules/ > http://www.modsecurity.org/projects/commercial/support/ > |
