Author: S.Beimer (8 Jan 23 3:05pm)
Hi
I have ModSecurity installed and have enabled the rules for querying Project Honeypot, but there is no blocking.
Looking into the DNS logs (Pi-hole), I see that httpbl is queried with, e.g.:
<mycode>.199.116.42.192.dnsbl.httpbl.org giving 127.8.30.5
<mycode>.207.99.22.46.dnsbl.httpbl.org giving 127.19.4.1
In ModSecurity it is configured as in the documentation (plus search engine):
SecHttpBlKey <mykey>
SecAction "id:900500,\
phase:1,\
nolog,\
pass,\
t:none,\
setvar:tx.block_search_ip=1,\
setvar:tx.block_suspicious_ip=1,\
setvar:tx.block_harvester_ip=1,\
setvar:tx.block_spammer_ip=1"
As I get the queries in the DNS log and I see it is getting results, I assume that the ModSecurity rules are processed.
So why is there no blocking? What may be the cause?
Post Edited (8 Jan 23 3:16pm)
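The two http:BL answers quoted in the post, decoded octet by octet, as an added example that is not part of the original post and is not ModSecurity or CRS code. It follows Project Honey Pot's http:BL answer layout; the function names, the `examplekey` placeholder and the pairing of visitor types with the `tx.block_*` flags are assumptions made for illustration.

```python
import ipaddress

ZONE = "dnsbl.httpbl.org"
# Fourth octet of an http:BL answer is a bitmask; the value 0 means search engine.
TYPE_BITS = {1: "suspicious", 2: "harvester", 4: "comment spammer"}
# Assumed pairing of each visitor type with the tx.block_* flag set in the post.
FLAG_FOR_TYPE = {
    "search engine": "tx.block_search_ip",
    "suspicious": "tx.block_suspicious_ip",
    "harvester": "tx.block_harvester_ip",
    "comment spammer": "tx.block_spammer_ip",
}


def httpbl_query_name(access_key, client_ip):
    """Build the name seen in the DNS log: <key>.<reversed octets>.<zone>."""
    octets = str(ipaddress.IPv4Address(client_ip)).split(".")
    return ".".join([access_key] + octets[::-1] + [ZONE])


def decode_httpbl(answer):
    """Split an http:BL A record into days, threat score and visitor types."""
    first, second, third, vtype = ipaddress.IPv4Address(answer).packed
    if first != 127:
        raise ValueError(f"not an http:BL answer: {answer}")
    if vtype == 0:
        # Search engines: the third octet identifies the engine, not a score.
        types, days, threat = ["search engine"], None, None
    else:
        types = [name for bit, name in TYPE_BITS.items() if vtype & bit]
        days, threat = second, third
    return {
        "days_since_last_activity": days,
        "threat_score": threat,
        "types": types,
        "flags": [FLAG_FOR_TYPE[t] for t in types],
    }


if __name__ == "__main__":
    # Answers copied from the post; "examplekey" is a placeholder access key.
    print(httpbl_query_name("examplekey", "192.42.116.199"))
    for answer in ("127.8.30.5", "127.19.4.1"):
        print(answer, decode_httpbl(answer))
```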