ModSecurity count the number of hosts accessed by an IP
Question
I need to block the ip addresses which access to more than 3 domains at the same time using ModSecurity
For example if some ip accessed:
domain1.com/someuri234
domain2.com/someuri2342
domain3.com/someuri534535
domain1.com/someuri234234
domain5.com/someuri234234
Then we block it
So we need to count the number of domains and check for it
appreciate for any help
1 answers
solution1
0 ACCPTED 2021-05-26 07:23:39
I could implement this scenario using exec:/script.sh and send request information through setenv and then collect request data and analys them on the script and block ip addresses using firewall
SecAction "id:1233456,phase:1,nolog,pass,\
setenv:RQ_REMOTE_HOST=%{REMOTE_HOST},\
setenv:RQ_REMOTE_ADDR=%{REMOTE_ADDR},\
setenv:RQ_SERVER_NAME=%{SERVER_NAME},\
setenv:RQ_SERVER_ADDR=%{SERVER_ADDR},\
setenv:RQ_SERVER_PORT=%{SERVER_PORT},\
setenv:RQ_REQUEST_URI=%{REQUEST_URI},\
setenv:RQ_REQUEST_LINE=%{REQUEST_LINE},\
setenv:RQ_SCRIPT_FILENAME=%{SCRIPT_FILENAME},\
setenv:RQ_SCRIPT_USERNAME=%{SCRIPT_USERNAME},\
setenv:RQ_USERAGENT=%{REQUEST_HEADERS.User-Agent},\
exec:/script.sh"
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.
Related Question
Modsecurity finds no geo data for IP
Whitelist Multiple IP Addresses with ModSecurity
Configure modsecurity to limit number of parameter?
Secrule modsecurity random numbers and adress ip post method
Serving virtual hosts with ip only
IP and Domain Based Virtual Hosts
How to include same modsecurity rules in multiple virtual hosts without changing the id for each rule and each host?
Default localhost can't be accessed after installing virtual hosts on WAMP
Change my hosts file to route to a folder and not an ip
Name Based Virtual Hosts on Apache with 2 IP Address
Related Tags