19th August 2008
hamba

Hi

I guess you could try something like this

Code:
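# Select log lines containing a whitespace-delimited dotted address, keep
# field 4 (the client IP on the audit header line), de-duplicate, and add
# the result to the pf table "apache".
grep -E '(^|[[:space:]])[0-9]*\.[0-9]*\.[0-9]*\.[0-9]*([[:space:]]|$)' \
/var/log/httpd-modsec2_audit.log | cut -d ' ' -f 4 | sort -u | \
pfctl -t apache -T add -f -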

Depending on the output from your mod_security logfile.

Mine looks something like this:
Code:
--82093a46-A--
[17/Aug/2007:11:16:52 +0200] psbA9goAZJYAAU6-qfoAAACR 66.249.73.38 41056 10.0.100.150 80
--82093a46-B--
GET / HTTP/1.1
Host: www.example.net
Connection: Keep-alive
User-Agent: Mediapartners-Google
Accept-Encoding: gzip

--82093a46-F--
HTTP/1.1 200 OK
X-Powered-By: PHP/5.2.3
Last-Modified: Fri, 10 Aug 2007 09:16:52 GMT
Cache-Control: no-cache
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8

--82093a46-H--
Message: Warning. Match of "rx OPTIONS" against "REQUEST_METHOD" required. [id "960015"] [msg "Request Missing an Accept Header"] [severity "CRITICAL"]
Stopwatch: 1187342212055286 119755 (466 1039 -)
Producer: ModSecurity v2.1.1 (Apache 2.x)
Server: Apache/2.2.4 (FreeBSD) mod_ssl/2.2.4 OpenSSL/0.9.7e-p1 DAV/2

But then again, I haven't used mod_security in a while.
I might try it again soon.
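
An added example, not part of hamba's post: a stricter variant of the extraction above that reads the audit log entry by entry and prints a client IP only when that entry's H section has a Message line, so address-like text elsewhere in an entry is ignored. It assumes the serial log layout of the sample above with each entry closed by a `--<id>-Z--` boundary; the function names, the MIN_HITS argument and the sample log are constructed for illustration.

```shell
# Added example, not from the original post. Assumes the audit log layout
# shown in the post: the line after "--<id>-A--" carries the client IP in
# field 4, and each entry ends with "--<id>-Z--".
# Usage: modsec_client_ips [LOGFILE|-] [MIN_HITS]   (hypothetical name)
modsec_client_ips() {
    awk -v min="${2:-1}" '
    function valid_ipv4(s,    o, i) {
        if (split(s, o, ".") != 4) return 0
        for (i = 1; i <= 4; i++)
            if (o[i] !~ /^[0-9]+$/ || length(o[i]) > 3 || o[i] + 0 > 255) return 0
        return 1
    }
    /^--[0-9a-fA-F]+-[A-Z]--$/ {
        bid  = substr($0, 3, length($0) - 6)   # boundary id
        part = substr($0, length($0) - 2, 1)   # section letter
        if (id == "" && part == "A") {         # a new entry starts
            id = bid; sect = "A"; ip = ""; flagged = 0; header = 1; next
        }
        if (bid == id) {                       # boundary of the current entry
            sect = part
            if (part == "Z") { if (ip != "" && flagged) hits[ip]++; id = "" }
            next
        }
        # A boundary-looking line with another id is logged body content:
        # fall through and treat it as data.
    }
    id == "" { next }                          # outside any entry
    header { header = 0; if (valid_ipv4($4)) ip = $4; next }
    sect == "H" && /^Message: / { flagged = 1 }
    END { for (a in hits) if (hits[a] >= min) print a }
    ' "${1:--}" | sort -u
}

# Constructed sample: one flagged request, one clean request with an IP in its body.
modsec_sample_log() {
    cat <<'EOF'
--a1b2c3d4-A--
[17/Aug/2007:11:16:52 +0200] AAAAAAAAAAAAAAAAAAAAAAAA 192.0.2.10 41056 10.0.100.150 80
--a1b2c3d4-H--
Message: Warning. Match of "rx OPTIONS" against "REQUEST_METHOD" required. [id "960015"]
--a1b2c3d4-Z--
--e5f60718-A--
[17/Aug/2007:11:17:03 +0200] BBBBBBBBBBBBBBBBBBBBBBBB 198.51.100.7 41057 10.0.100.150 80
--e5f60718-C--
comment=see host 203.0.113.9 for details
--e5f60718-Z--
EOF
}

modsec_sample_log | modsec_client_ips -    # prints 192.0.2.10
```

Review the list before piping it into `pfctl -t apache -T add -f -`: the entry in the post's own sample is a Mediapartners-Google request flagged only for a missing Accept header, so a single Message line is a weak reason to block. Raising MIN_HITS limits the output to addresses flagged in several entries.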