0

More ModSec!

Here’s a couple more rules:

Block Apache Solr Search traffic with no referrer:

SecRule REQUEST_URI “search\/apachesolr_search” “chain,id:210000072,msg:’Blocking SOLR traffic with no referrer’,deny,status:411"
SecRule &HTTP_REFERER “@eq 0"

These two are not of my creation, but are quite handy, they will block WordPress Comments and logins based on known malicious hosts in the spamhaus xbl and the spamcop black list:

SecRule REQUEST_URI "wp-comments-post.php|wp-login.php|wp-trackback.php" "chain,id:300056,log,t:normalisePath,deny,status:411,msg:'Spam: Comment From user on RBL: sbl-xbl.spamhaus.org'"
SecRule REMOTE_ADDR "@rbl sbl-xbl.spamhaus.org"
SecRule REQUEST_URI "wp-comments-post.php|wp-login.php|wp-trackback.php" "chain,id:300058,log,deny,t:normalisePath,status:411,msg:'Spam: Comment From user on RBL: bl.spamcop.net'"
SecRule REMOTE_ADDR "@rbl bl.spamcop.net"

 

tfmm

Leave a Reply

Your email address will not be published. Required fields are marked *