Stories
Slash Boxes
Comments
NOTE: use Perl; is on undef hiatus. You can read content, but you can't post it. More info will be forthcoming forthcomingly.

All the Perl that's Practical to Extract and Report

use Perl Log In

Log In

[ Create a new account ]

Beatnik (493)

Beatnik
  (email not shown publicly)
http://www.ldl48.org/

A 29 year old belgian who likes Mountain Dew, Girl Scout Cookies, Tim Hortons French Vanilla Flavoured Cappucinno, Belgian beer, Belgian chocolate, Belgian women, Magners Cider, chocolate chipped cookies and Perl. Likes snowboarding, snorkling, sailing and silence. Bach can really cheer him up! He still misses his dog.

Project Daddy of Spine [sf.net], a mod_perl based CMS.

In his superhero time (8.30 AM to 5.30 PM), he works on world peace.

Journal of Beatnik (493)

Sunday April 22, 2007
11:56 AM

mod_security

[ #33067 ]
After postponing this for a long time, I finally implemented Mod_security on my webserver. My server somehow gets attacked by a large number of bots trying the most silly exploits first.. 99.99% of those are actually on PHP applications. The mod_security rules I added (using a generating tool as a guide are listed below.. They're totally unoptimized but I hope it'll take the load of a bit:

SecFilterEngine On
SecFilterScanPOST On
SecAuditLog /var/log/apache-perl/audit_log
SecFilterDefaultAction "deny,log,status:412"
SecFilterSelective "REQUEST_URI" "php"
SecFilterSelective "REQUEST_URI" "w00t"
SecFilterSelective "REQUEST_URI" "awstats"
SecFilterSelective "REQUEST_URI" "cobalt"
SecFilterSelective "REQUEST_URI" "x0"
SecFilterSelective "REQUEST_URI" "exec"
SecFilterSelective "REQUEST_URI" "fase"
SecFilterSelective "REQUEST_URI" "faze"
SecFilterSelective "REQUEST_METHOD" "CONNECT"

I've copied my error log and will try to add certain hosts to my ruleset.

The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
 Full
 Abbreviated
 Hidden
More | Login | Reply
Loading... please wait.