I am using mod-security V3 on a centos machine with Openlitespeed. My php file access.php create cookie: honey_bot_trap with value : 16 character [0-9a-zA-z]. - dynamic: ex: au4abbgjk190Bl in modsecurity create rules: SecRule REQUEST_HEADERS:Cookie "@contains honey_bot_trap" "chain,id:'990014',phase:1,t=none,block,msg:'fake cookie'" i want…
I am trying to fend off carding attacks on a Magento 2 store. The attacker manually creates a shopping cart and from it is able to send repeated requests to Braintree and my store to test credit card numbers. Our…
I'm trying to get the following rule to work but it seems to be doing nothing: # Test IP address and block by country code SecGeoLookupDb /usr/share/GeoIP/GeoIP.dat SecRule REMOTE_ADDR "@geoLookup" "chain,id:20,drop,msg:'Block China IP address'" SecRule GEO:COUNTRY_CODE "@streq CN HK" I…
I have Ubuntu 18.10 with apache2, libapache2-mod-security2, modsecurity-crs packages with their default configuration except for enabling ModSecurity debug logging and copying modsecurity.conf-recommended and adding SecRuleEngine On. I added a new SecRule to a separate file in /etc/modsecurity/ Content of /etc/modsecurity/sf4-modsec.conf…