blocking ips with iptables accessing invalid URL
ESGLinux
esggrupos at gmail.com
Wed Jul 8 11:49:13 UTC 2009
>
>
> With Apache, a very useful tool to block this events is mod_security.
>
Very interesting apache module, I didn´t know about it.
I have installed and looks nice and powerfull. For example I access my test
computer with ip and with this module loaded it doesn´t work anymore:
[08/Jul/2009:13:41:49 +0200] [192.168.1.191/sid#8ffde98][rid#94e5820][/][1]
Access denied with code 400 (phase 2). Pattern match "^[\d\.]+$" at
REQUEST_HEADERS:Host. [file
"/etc/httpd/modsecurity.d/modsecurity_crs_21_protocol_anomalies.conf"] [line
"60"] [id "960017"] [msg "Host header is a numeric IP address"] [severity
"CRITICAL"] [tag "PROTOCOL_VIOLATION/IP_HOST"]
I´ll have to configure it....
Thanks
ESG
More information about the redhat-list
mailing list