mod_security block requests by http-host header

Here is two rules for blocked some attack with the user-agent « Bittorrent » Put it in the file modsecurity SecRule REQUEST_HEADERS:User-Agent « Bittorrent » « id:10000002,rev:1,severity:2,log,msg:’Bittorrent Hit Detected' » I would change the log to nolog after you verify it is working to avoid filling up your log file SecRule REQUEST_HEADERS:User-Agent « Bittorrent » « id:10000002,rev:1,severity:2,nolog,msg:’Bittorrent Hit Detected' » Put it in the config […]

En Lire Plus