
More ModSec!

Here are a couple more rules:

Block Apache Solr Search traffic with no referrer:

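# Deny Solr search requests that arrive with no Referer header.
SecRule REQUEST_URI "search\/apachesolr_search" "chain,id:210000072,msg:'Blocking SOLR traffic with no referrer',deny,status:411"
# ModSecurity 2.x has no HTTP_REFERER variable; count the Referer request header instead.
SecRule &REQUEST_HEADERS:Referer "@eq 0"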

These two are not of my creation, but they are quite handy: they block WordPress comments and logins from known malicious hosts listed in the Spamhaus XBL and the SpamCop blacklist:

SecRule REQUEST_URI "wp-comments-post.php|wp-login.php|wp-trackback.php" "chain,id:300056,log,t:normalisePath,deny,status:411,msg:'Spam: Comment From user on RBL: sbl-xbl.spamhaus.org'"
SecRule REMOTE_ADDR "@rbl sbl-xbl.spamhaus.org"
SecRule REQUEST_URI "wp-comments-post.php|wp-login.php|wp-trackback.php" "chain,id:300058,log,deny,t:normalisePath,status:411,msg:'Spam: Comment From user on RBL: bl.spamcop.net'"
SecRule REMOTE_ADDR "@rbl bl.spamcop.net"
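
The lookup behind an `@rbl` check, as an added Python example (not part of the original rules or of ModSecurity's code): the client IP is reversed, queried under the blacklist zone, and the A-record answer is interpreted. It goes beyond the IPv4 case in the rules by also building the IPv6 nibble form, and it separates real listings from service error answers, since a check that treats any answer as a hit would block clean clients on those. Assumptions: listings are answered from 127.0.0.0/24 and service errors (blocked resolver, rate limit) from 127.255.255.0/24; the zone data and `fake_resolver` are constructed so the example runs offline.

```python
import ipaddress
import socket

def rbl_query_name(ip, zone):
    """Build the DNSBL query name: reversed octets (IPv4) or nibbles (IPv6) + zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = reversed(str(addr).split("."))
    else:
        labels = reversed(addr.exploded.replace(":", ""))
    return ".".join(labels) + "." + zone

def system_resolver(name):
    """Return the A records for name, or [] on NXDOMAIN or lookup failure."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def rbl_verdict(ip, zone, resolve=system_resolver):
    """Classify a client IP as 'listed', 'clean' or 'error' for one DNSBL zone."""
    answers = [ipaddress.ip_address(a) for a in resolve(rbl_query_name(ip, zone))]
    if not answers:
        return "clean"  # no A record: the address is not on the list
    # Assumption: 127.255.255.0/24 answers signal a service error, not a listing.
    if any(a in ipaddress.ip_network("127.255.255.0/24") for a in answers):
        return "error"
    if any(a in ipaddress.ip_network("127.0.0.0/24") for a in answers):
        return "listed"
    return "error"  # any other answer is not a valid DNSBL reply (e.g. a wildcarded zone)

# Constructed zone data standing in for DNS; the addresses are documentation ranges.
FAKE_ZONE = {
    "10.2.0.192.sbl-xbl.spamhaus.org": ["127.0.0.4"],
    "7.113.0.203.sbl-xbl.spamhaus.org": ["127.255.255.254"],
}

def fake_resolver(name):
    return FAKE_ZONE.get(name, [])

if __name__ == "__main__":
    for ip in ("192.0.2.10", "198.51.100.20", "203.0.113.7"):
        print(ip, rbl_verdict(ip, "sbl-xbl.spamhaus.org", fake_resolver))
```

Running the same function with the default resolver from the web server itself shows whether the server's DNS path gets usable answers from the list before the rules are set to deny.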

 

tfmm
