Author: D.B27 (9 May 15 10:46pm)
If it helps…
66.249.64.238 CRITICAL 302
981138: HTTP Blacklist match for client IP.
Request: GET /somepageonmysite
Action Description: Access denied with redirection to http://www.mysite.com/ using status 302 (phase 2).
Justification: RBL lookup of xxxxxxxxxxx.238.64.249.66.dnsbl.httpbl.org succeeded at TX:real_ip.
Original Id
981138
Rule Text
#
# Check Client IP against ProjectHoneypot's HTTP Blacklist
# Ref: http://www.projecthoneypot.org/httpbl_api.php
#
# Must register for an HttpBL API Key and configure SecHttpBlKey directive
# in the modsecurity_crs_10_setup.conf file.
# Ref: https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#wiki-SecHttpBlKey
#
SecRule TX:REAL_IP "@rbl dnsbl.httpbl.org" \
    "msg:'HTTP Blacklist match for client IP.', \
    severity:'CRITICAL', \
    id:'981138', \
    phase:request, \
    block, \
    t:none, \
    tag:'IP_REPUTATON/MALICIOUS_CLIENT', \
    setvar:'tx.msg=%{rule.msg}', \
    setvar:tx.anomaly_score=+%{tx.critical_anomaly_score}, \
    setvar:tx.%{rule.id}-AUTOMATION/MALICIOUS-%{matched_var_name}=%{matched_var}, \
    setvar:ip.block=1, \
    expirevar:ip.block=%{tx.block_duration}, \
    setvar:'ip.block_reason=%{rule.msg}', \
    setvar:ip.previous_rbl_check=1, \
    expirevar:ip.previous_rbl_check=86400, \
    skipAfter:END_RBL_CHECK"
Then again, I got no clue what I'm doing so….
I have no desire to block Google.
Post Edited (11 May 15 8:43am)
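An added example, not part of the original post and not ModSecurity or CRS code: the justification line above only says the http:BL lookup "succeeded", but per the Project Honeypot API reference linked in the rule comments, the answer has the form 127.<days>.<threat>.<type>, and the service also lists known search engine crawlers as visitor type 0. The sketch below builds the query name seen in the log and decodes the answer so crawler listings can be told apart from malicious ones; the function names, thresholds, key and sample answers are constructed for illustration.

```python
import ipaddress

# http:BL visitor-type bits (last octet of the answer); 0 means search engine.
TYPE_BITS = {1: "suspicious", 2: "harvester", 4: "comment_spammer"}


def build_query(access_key: str, client_ip: str, zone: str = "dnsbl.httpbl.org") -> str:
    """Return the DNS name to resolve: <key>.<reversed IPv4 octets>.<zone>."""
    ip = ipaddress.IPv4Address(client_ip)  # http:BL covers IPv4 only
    reversed_octets = ".".join(reversed(str(ip).split(".")))
    return f"{access_key}.{reversed_octets}.{zone}"


def decode_answer(answer: str) -> dict:
    """Decode an http:BL A record of the form 127.<days>.<threat>.<type>."""
    octets = [int(o) for o in str(ipaddress.IPv4Address(answer)).split(".")]
    if octets[0] != 127:
        raise ValueError(f"not an http:BL answer: {answer}")
    _, days, threat, vtype = octets
    if vtype == 0:
        # Search engine: third octet is an engine serial, not a threat score.
        return {"search_engine": True, "engine_serial": threat, "categories": []}
    cats = [name for bit, name in TYPE_BITS.items() if vtype & bit]
    return {"search_engine": False, "days_since_seen": days,
            "threat_score": threat, "categories": cats}


def should_block(answer, min_threat: int = 25, max_days: int = 30) -> bool:
    """Policy sketch: None means NXDOMAIN (not listed). Thresholds are assumptions."""
    if answer is None:
        return False
    info = decode_answer(answer)
    if info["search_engine"]:
        return False  # listed as a crawler: a bare "lookup succeeded" is not enough
    return info["threat_score"] >= min_threat and info["days_since_seen"] <= max_days


if __name__ == "__main__":
    # Constructed sample data: placeholder key and made-up answers.
    print(build_query("EXAMPLEKEY", "66.249.64.238"))
    for ans in ("127.0.5.0", "127.3.60.4", "127.200.10.1", None):
        print(ans, "->", should_block(ans))
```

The DNS resolution itself is left out so the block runs offline; feed `decode_answer` the A record returned for the name from `build_query`.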