blocking ips with iptables accessing invalid URL
Manuel Aróstegui
manuel at todo-linux.com
Wed Jul 8 13:27:35 UTC 2009
El mié, 08-07-2009 a las 08:17 -0500, Marti, Rob escribió:
> You get that alert/denial because you're accessing the webserver by IP, not by name. You can set mod_security to log only - we're in the middle of implementing it and had to do that for a while to filter out false positives.
Yeah, mod_security needs a lot of work to get it running smoothly,
otherwise it will dump lot of connections it shouldn't.
I always set it up in an pre-production environment before setting it up
in production system. I have it running there for a while and studying
its logs you can define the rules you need it to work with.
Manuel.
--
Manuel Arostegui Ramirez.
Electronic Mail is not secure, might not be read every day, and should not
be used for urgent or sensitive issues.
More information about the redhat-list
mailing list