ModSecurity count the number of hosts accessed by an IP


I need to block the IP addresses which access more than 3 domains at the same time using ModSecurity.
For example, if some IP accessed:

domain1.com/someuri234
domain2.com/someuri2342
domain3.com/someuri534535
domain1.com/someuri234234
domain5.com/someuri234234

Then we block it.
So we need to count the number of domains and check for it.
I appreciate any help.


There is 1 answer

0
Farhad Sakhaei On BEST ANSWER

I could implement this scenario using exec:/script.sh, sending the request information through setenv, then collecting the request data and analyzing it in the script, and blocking IP addresses using the firewall.

SecAction "id:1233456,phase:1,nolog,pass,\
    setenv:RQ_REMOTE_HOST=%{REMOTE_HOST},\
    setenv:RQ_REMOTE_ADDR=%{REMOTE_ADDR},\
    setenv:RQ_SERVER_NAME=%{SERVER_NAME},\
    setenv:RQ_SERVER_ADDR=%{SERVER_ADDR},\
    setenv:RQ_SERVER_PORT=%{SERVER_PORT},\
    setenv:RQ_REQUEST_URI=%{REQUEST_URI},\
    setenv:RQ_REQUEST_LINE=%{REQUEST_LINE},\
    setenv:RQ_SCRIPT_FILENAME=%{SCRIPT_FILENAME},\
    setenv:RQ_SCRIPT_USERNAME=%{SCRIPT_USERNAME},\
    setenv:RQ_USERAGENT=%{REQUEST_HEADERS.User-Agent},\
    exec:/script.sh"
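
One possible shape for the /script.sh side of this approach, as an added example that is not the answerer's script: it counts distinct RQ_SERVER_NAME values per RQ_REMOTE_ADDR inside a time window. STATE_DIR, WINDOW, MAX_HOSTS and the blocklist file are assumed names, and the firewall step is left as a placeholder.

```shell
#!/bin/sh
# Added example (not the answerer's script); STATE_DIR, WINDOW, MAX_HOSTS and
# the blocklist file are assumed names.
STATE_DIR="${STATE_DIR:-/var/lib/modsec-hostcount}"
WINDOW="${WINDOW:-60}"        # seconds treated as "the same time"
MAX_HOSTS="${MAX_HOSTS:-3}"   # block when an IP touches more hosts than this

# REMOTE_ADDR becomes a file name: allow only address characters, no leading dot.
valid_ip() {
    case "$1" in
        ''|.*|*[!0-9a-fA-F.:]*) return 1 ;;
    esac
}

# SERVER_NAME derives from the client's Host header, so it is untrusted:
# lowercase it, drop any port, reject anything that is not a plain hostname.
normalize_host() {
    h=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    h=${h%%:*}
    case "$h" in
        ''|*[!a-z0-9.-]*) return 1 ;;
    esac
    printf '%s\n' "$h"
}

# Record one hit and print the number of distinct hosts this IP requested
# within the last WINDOW seconds; older entries are pruned on every call.
count_hosts() {
    ip=$1; now=$3
    valid_ip "$ip" || return 2
    host=$(normalize_host "$2") || return 2
    mkdir -p "$STATE_DIR" || return 2
    f="$STATE_DIR/$(printf '%s' "$ip" | tr ':' '_')"
    printf '%s %s\n' "$now" "$host" >> "$f"
    awk -v min="$((now - WINDOW))" '$1 >= min' "$f" > "$f.tmp" && mv "$f.tmp" "$f"
    awk '{print $2}' "$f" | sort -u | wc -l | tr -d ' '
}

# Succeeds (exit 0) when the IP exceeded MAX_HOSTS distinct hosts in the window.
should_block() {
    n=$(count_hosts "$1" "$2" "$3") || return 1
    [ "$n" -gt "$MAX_HOSTS" ]
}

# Entry point for exec: ModSecurity passes data only via the environment.
if [ -n "${RQ_REMOTE_ADDR:-}" ]; then
    if should_block "$RQ_REMOTE_ADDR" "${RQ_SERVER_NAME:-}" "$(date +%s)"; then
        # Placeholder action: a separate firewall job would consume this list.
        printf '%s\n' "$RQ_REMOTE_ADDR" >> "$STATE_DIR/blocklist"
    fi
    echo 0   # ModSecurity 2.x treats an exec script that prints nothing as failed
fi
```

Concurrent requests from one IP can race on the per-IP state file, so a production version needs locking around the append-and-prune step.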