Mod Security


Mod_Security is a security module for Apache that filters input or output using a set of signatures. It is sometimes called a web application firewall. More information about Mod_Security can be found at [1].

  • Feb 22 10:39:57 modsec@lvps87-230-5-231 modsec: Request: - - [22/Feb/2008:10:39:56 +0100] "GET /component/index.php?mosConfig_absolute_path= HTTP/1.1" 403 959 "-" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.8) Gecko/20050511" - "-"


The regular expressions below are proposed failregex for this software. Multiple regular expressions for failregex will only work with a version of Fail2ban greater than or equal to 0.7.6.

The tag <HOST> in the regular expressions below is just an alias for (?:::f{4,6}:)?(?P<host>\S+). The replacement is done automatically by Fail2ban when adding the regular expression. At the moment, exactly one named group host or <HOST> tag must be present in each regular expression.


  • Request: (.*?) <HOST>
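
The following Python sketch is an added example, not part of the original page and not Fail2ban's own code. It expands the <HOST> tag with the alias quoted above and shows which token the proposed failregex captures. The sample lines are constructed, and the "vhost client-address" layout after "Request:" is an assumption.

```python
import re

# Alias quoted on this page; Fail2ban substitutes it for the <HOST> tag.
HOST_ALIAS = r"(?:::f{4,6}:)?(?P<host>\S+)"
FAILREGEX = r"Request: (.*?) <HOST>"  # failregex proposed on this page

# Constructed sample lines; 192.0.2.10 is a documentation address and the
# "vhost client-address" layout after "Request:" is an assumption.
TAIL = ' - - [22/Feb/2008:10:39:56 +0100] "GET /component/index.php HTTP/1.1" 403 959'
SAMPLES = {
    "ipv4": "Feb 22 10:39:57 web01 modsec: Request: www.example.com 192.0.2.10" + TAIL,
    "mapped": "Feb 22 10:39:57 web01 modsec: Request: www.example.com ::ffff:192.0.2.10" + TAIL,
    # Field layout of the sample line shown on this page, which carries no address.
    "no_address": 'Feb 22 10:39:57 web01 modsec: Request: - - '
                  '[22/Feb/2008:10:39:56 +0100] "GET / HTTP/1.1" 403 959',
    "unrelated": "Feb 22 10:40:01 web01 cron: job finished",
}


def compile_failregex(failregex):
    """Expand <HOST> and require the named group 'host' described above."""
    compiled = re.compile(failregex.replace("<HOST>", HOST_ALIAS))
    if "host" not in compiled.groupindex:
        raise ValueError("failregex needs a <HOST> tag or a named group 'host'")
    return compiled


def extract_host(line, failregex=FAILREGEX):
    """Return the token captured as host, or None when the line does not match."""
    match = compile_failregex(failregex).search(line)
    return match.group("host") if match else None


if __name__ == "__main__":
    for name, line in SAMPLES.items():
        print(f"{name:10} -> {extract_host(line)!r}")
```

Because the alias ends in \S+, the "no_address" line still matches and yields "-" as the host, so check a filter against real log lines to confirm that the captured token is a client address.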