Skip to content
This repository has been archived by the owner on May 14, 2020. It is now read-only.

Commit

Permalink
Fixing brute force URL @Within errors.
Browse files Browse the repository at this point in the history
  • Loading branch information
Ryan Barnett committed Jun 5, 2013
1 parent fcca448 commit 33612c6
Show file tree
Hide file tree
Showing 2 changed files with 4 additions and 3 deletions.
5 changes: 3 additions & 2 deletions experimental_rules/modsecurity_crs_11_brute_force.conf
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
# ---------------------------------------------------------------
#---------------------------------------------------------------
# Core ModSecurity Rule Set ver.2.2.7
# Copyright (C) 2006-2012 Trustwave All rights reserved.
#
Expand Down Expand Up @@ -36,7 +36,8 @@ SecRule IP:BRUTE_FORCE_BLOCK "@eq 1" "phase:1,id:'981037',block,nolog,setvar:ip.
# In these cases, we skip doing the request counts.
#
SecRule &TX:BRUTE_FORCE_PROTECTED_URLS "@eq 0" "phase:5,id:'981038',t:none,nolog,pass,skipAfter:END_BRUTE_FORCE_PROTECTION_CHECKS"
SecRule REQUEST_FILENAME "!@within %{tx.brute_force_protected_urls}" "phase:5,id:'981039',t:none,nolog,pass,skipAfter:END_BRUTE_FORCE_PROTECTION_CHECKS"
SecRule REQUEST_FILENAME ".*" "chain,phase:5,id:'981039',t:none,nolog,pass,setvar:'tx.filename=#%{request_filename}#',skipAfter:END_BRUTE_FORCE_PROTECTION_CHECKS"
SecRule TX:FILENAME "!@within %{tx.brute_force_protected_urls}"
SecRule IP:BRUTE_FORCE_BLOCK "@eq 1" "phase:5,id:'981040',t:none,nolog,pass,skipAfter:END_BRUTE_FORCE_PROTECTION_CHECKS"

#
Expand Down
2 changes: 1 addition & 1 deletion modsecurity_crs_10_setup.conf.example
Original file line number Diff line number Diff line change
Expand Up @@ -326,7 +326,7 @@ SecAction \
"id:'900014', \
phase:1, \
t:none, \
setvar:'tx.brute_force_protected_urls=/login.jsp /partner_login.php', \
setvar:'tx.brute_force_protected_urls=#/login.jsp# #/partner_login.php#', \
setvar:'tx.brute_force_burst_time_slice=60', \
setvar:'tx.brute_force_counter_threshold=10', \
setvar:'tx.brute_force_block_timeout=300', \
Expand Down

0 comments on commit 33612c6

Please sign in to comment.