
Mod Security: SecRule REQUEST_URI best practices

Posted by gpl24, 10-01-2011, 11:38 PM
In your expert opinion, what would you do in this scenario: I receive daily probes to specific CMS URLs I do not have. Upon further investigation, many of the probes appear to originate from compromised hosting servers. I got tired of filing manual abuse reports, so I set up mod security to auto-block these turds. Now, because they're looking for hack-able URLs like admin, etc., should this be a 406 or 404 result? This is what I have right now:

If a better practice is to 404 these, how can I do that? By default, this is shooting a 406 response.

Side question: If I 404 this rule, would mod security still block these attempts if they fall within the mod security duration rules? (Currently, 406 mod_security responses send these IPs to perma-blocks on the firewall.)


