add mod_security ban by error code configuration

wolf
Junior Member
Posts: 51
Joined: 13 Jul 2007, 14:19

Post by wolf »

I think it would be extremely useful if csf checked the error code of the audit_log and ban, temp_ban, or ignore based on the error code of the audit_log entry.

E.g. permanently ban any 412 code on 1 connection while temp banning a 403 error code with 5 attempts for X seconds and ignoring 406 altogether.

Just thought it would add a whole new level of control :)
wolf
Junior Member
Posts: 51
Joined: 13 Jul 2007, 14:19

Post by wolf »

Exactly what code(s) does csf recognize in the mod_security audit logs? Seems some codes will trigger it while others won't.
chirpy
Moderator
Posts: 3537
Joined: 09 Dec 2006, 18:13

Post by chirpy »

It uses a regex against the error posted in the Apache error_log. You can find the regex in /etc/csf/regex.pm
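The per-code policy requested in the first post, applied to ModSecurity "Access denied with code NNN" lines from the Apache error_log, as an added example that is not csf's code and not part of the original thread. The regex is written for this sketch (it is not the one in /etc/csf/regex.pm, and it handles IPv4 clients only), the 600-second duration stands in for the post's "X seconds", and the log lines are constructed.

```python
import re
from collections import defaultdict

# Illustrative pattern (assumption, not csf's regex): IPv4 client, optional
# ":port" as logged by Apache 2.4, then the ModSecurity denial status code.
DENIED = re.compile(
    r"\[client (?P<ip>\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?\] "
    r"ModSecurity: Access denied with code (?P<code>\d{3})\b"
)
TEMP_BAN_SECONDS = 600  # assumed value for the "X seconds" in the post

# status code -> (action, hits needed before acting, ban duration in seconds)
POLICY = {
    412: ("perm_ban", 1, None),
    403: ("temp_ban", 5, TEMP_BAN_SECONDS),
    406: ("ignore", None, None),
}

def decide(lines, policy=POLICY):
    """Return {ip: (action, seconds)} for each IP that crosses a threshold.

    Hits are counted over the whole input; a live log watcher would also
    expire counts after an interval. Codes missing from the policy are ignored.
    """
    hits = defaultdict(int)
    verdicts = {}
    for line in lines:
        m = DENIED.search(line)
        if not m:
            continue  # not a ModSecurity denial line
        ip, code = m["ip"], int(m["code"])
        action, threshold, seconds = policy.get(code, ("ignore", None, None))
        if action == "ignore" or verdicts.get(ip, ("",))[0] == "perm_ban":
            continue  # ignored code, or a permanent ban already stands
        hits[ip, code] += 1
        if hits[ip, code] >= threshold:
            verdicts[ip] = (action, seconds)
    return verdicts

def _line(ip, code):
    """Build one constructed error_log line for the sample below."""
    return (f"[Fri Jul 13 14:19:00 2007] [error] [client {ip}] ModSecurity: "
            f'Access denied with code {code} (phase 2). [uri "/index.php"]')

SAMPLE = (  # constructed input using documentation-range addresses
    [_line("192.0.2.10", 412)] + [_line("198.51.100.7", 403)] * 5
    + [_line("203.0.113.5", 403)] * 4 + [_line("203.0.113.9", 406)] * 3
    + ["[Fri Jul 13 14:19:00 2007] [error] [client 203.0.113.9] File does not exist: /x"]
)

if __name__ == "__main__":
    for ip, verdict in decide(SAMPLE).items():
        print(ip, verdict)
```

Only the single 412 hit and the fifth 403 hit produce a verdict; four 403s, any number of 406s and non-ModSecurity lines produce none.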