Talk:Mod Security

From Fail2ban

Would the following regexp not be better than the one currently mentioned in the wiki?


This basically blocks requests generating any 5nn or 4nn (except 404) errors. And it does that only to non-authenticated users (assuming you trust your own users).

My mod_security audit log has the following format:

- - [26/Mar/2011:02:15:26 +0100] "GET /index.php%3fcPath=23_37/admin/file_manager.php/login.php HTTP/1.1" 403 956 "-" "-" cgpK-l4XDuMAAE8RU08AAAAA "-" /20110326/20110326-0215/20110326-021526-cgpK-l4XDuMAAE8RU08AAAAA 0 1160 md5:1177ddb05d0e361a443f6afc9329c784
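
The behaviour described in the comment above (count 4nn except 404 and 5nn, only for unauthenticated clients) can be checked against sample lines before a filter goes live. This is an added example, not the regexp proposed in the comment: the pattern, the helper names and the sample lines are constructed, and it assumes the full log line carries the server name and client address in front of the two `- -` fields.

```python
import re

# Hypothetical failregex in fail2ban syntax (<HOST> is fail2ban's placeholder).
# Assumed layout: server client-ip remote-user local-user [time] "request" status ...
# - anchored with ^ so text inside the request cannot stand in for the host field
# - remote-user must be "-" (unauthenticated)
# - status is 4nn except 404, or 5nn
FAILREGEX = (r'^\S+ <HOST> - \S+ \[[^\]]+\] '
             r'"(?:[^"\\]|\\.)*" (?:4(?!04)\d\d|5\d\d) ')

# Simplified IPv4-only stand-in for fail2ban's own <HOST> expansion.
HOST = r'(?P<host>\d{1,3}(?:\.\d{1,3}){3})'
PATTERN = re.compile(FAILREGEX.replace('<HOST>', HOST))


def offending_host(line):
    """Return the client address if the line should count as a failure."""
    m = PATTERN.search(line)
    return m.group('host') if m else None


# Constructed sample lines (documentation addresses, shortened tails).
T = '[26/Mar/2011:02:15:26 +0100]'
SAMPLES = {
    'forbidden': r'www.example.com 192.0.2.10 - - ' + T
                 + r' "GET /admin/login.php HTTP/1.1" 403 956 "-" "-"',
    'not_found': r'www.example.com 192.0.2.11 - - ' + T
                 + r' "GET /missing.html HTTP/1.1" 404 210 "-" "-"',
    'authenticated': r'www.example.com 192.0.2.12 alice - ' + T
                     + r' "GET /admin/ HTTP/1.1" 403 956 "-" "-"',
    'server_error': r'www.example.com 192.0.2.13 - - ' + T
                    + r' "POST /cart.php HTTP/1.1" 500 0 "-" "-"',
    # The request text contains an escaped quote followed by a fake status;
    # the real status is 200, so the line must not count.
    'quoted_status': r'www.example.com 192.0.2.14 - - ' + T
                     + r' "GET /a\" 403 956 \"b HTTP/1.1" 200 12 "-" "-"',
}


def classify(samples):
    """Map each sample name to the address that would be counted, or None."""
    return {name: offending_host(line) for name, line in samples.items()}


if __name__ == '__main__':
    for name, host in classify(SAMPLES).items():
        print(f'{name:15} -> {host}')
```

On a real installation, `fail2ban-regex` run against the actual log file gives the same kind of check using fail2ban's own `<HOST>` handling.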