More info in CSF.DENY for modsecurity?
Posted: 10 Sep 2013, 19:12
Hello Chirpy and Sarah,
could it be possible to include on the details of a blocked IP in CSF.DENY made by mod_security, the rule number that was triggered by the IP? If there were a few different rules, to write the last one?
This an actual line in CSF.DENY:
113.64.81.10 # lfd: (mod_security) mod_security triggered by 113.64.81.10 (CN/China/-): 3 in the last 3600 secs - Mon Sep 9 21:25:06 2013
It would be great to have it this way:
113.64.81.10 # lfd: (mod_security) rule "950051" triggered by 113.64.81.10 (CN/China/-): 3 in the last 3600 secs - Mon Sep 9 21:25:06 2013
It will be great to have the rule id instead of two times the word "mod_security" and it will help to see in a glance what rule id is the most triggered.
Regards,
Sergio
could it be possible to include on the details of a blocked IP in CSF.DENY made by mod_security, the rule number that was triggered by the IP? If there were a few different rules, to write the last one?
This an actual line in CSF.DENY:
113.64.81.10 # lfd: (mod_security) mod_security triggered by 113.64.81.10 (CN/China/-): 3 in the last 3600 secs - Mon Sep 9 21:25:06 2013
It would be great to have it this way:
113.64.81.10 # lfd: (mod_security) rule "950051" triggered by 113.64.81.10 (CN/China/-): 3 in the last 3600 secs - Mon Sep 9 21:25:06 2013
It will be great to have the rule id instead of two times the word "mod_security" and it will help to see in a glance what rule id is the most triggered.
Regards,
Sergio