Two of my servers are getting hit with mod_security 406 errors from different IP numbers every 30 minutes, starting 2 days ago. CSF firewall LFD is blocking the IPs, but this never happened to me before. Is there a way to stop these attacks or add an additional layer of security?
I have searched all over the internet and cannot find any answers.
One of the emails I got is below:
Time: Tue May 18 21:11:48 2010 -0400
IP: 85.159.90.33 (GB/United Kingdom/vps156.dns6.com)
Failures: 5 (mod_security)
Interval: 300 seconds
Blocked: Yes
Log entries:
[Tue May 18 21:11:42 2010] [error] [client 85.159.90.33] ModSecurity: Access denied with code 406 (phase 1). Match of "rx ^((?:(?:POS|GE)T|OPTIONS|HEAD))$" against "REQUEST_METHOD" required. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "36"] [id "9600"] [msg "Method is not allowed by policy"] [severity "CRITICAL"] [uri "/"] [unique_id "S-M6zkt@8qMAABH2"]
[Tue May 18 21:11:42 2010] [error] [client 85.159.90.33] ModSecurity: Access denied with code 406 (phase 1). Match of "rx ^((?:(?:POS|GE)T|OPTIONS|HEAD))$" against "REQUEST_METHOD" required. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "36"] [id "9600"] [msg "Method is not allowed by policy"] [severity "CRITICAL"] [uri "/"] [unique_id "S-M6zkt@8qMAABH5"]
[Tue May 18 21:11:43 2010] [error] [client 85.159.90.33] ModSecurity: Access denied with code 406 (phase 1). Match of "rx ^((?:(?:POS|GE)T|OPTIONS|HEAD))$" against "REQUEST_METHOD" required. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "36"] [id "9600"] [msg "Method is not allowed by policy"] [severity "CRITICAL"] [uri "/"] [unique_id "S-M6z0t@8qMAABH3"]
[Tue May 18 21:11:43 2010] [error] [client 85.159.90.33] ModSecurity: Access denied with code 406 (phase 1). Match of "rx ^((?:(?:POS|GE)T|OPTIONS|HEAD))$" against "REQUEST_METHOD" required. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "36"] [id "9600"] [msg "Method is not allowed by policy"] [severity "CRITICAL"] [uri "/"] [unique_id "S-M6z0t@8qMAABH4"]
[Tue May 18 21:11:43 2010] [error] [client 85.159.90.33] ModSecurity: Access denied with code 406 (phase 1). Match of "rx ^((?:(?:POS|GE)T|OPTIONS|HEAD))$" against "REQUEST_METHOD" required. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "36"] [id "9600"] [msg "Method is not allowed by policy"] [severity "CRITICAL"] [uri "/"] [unique_id "S-M6z0t@8qMAABG"]
-------------------------------------------------------------------------
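Added example, not part of the original post: a small parser for ModSecurity denial lines in the error-log format quoted above. It groups denials by client and rule id and flags any client that reaches the 5-failures-in-300-seconds threshold shown in the LFD email. The sample lines are constructed and use documentation addresses (RFC 5737); the function names are hypothetical.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines in the same format as the post's log; IPs and unique_ids are made up.
TEMPLATE = ('[Tue May 18 {t} 2010] [error] [client {ip}] ModSecurity: Access denied with code 406 '
            '(phase 1). Match of "rx ^((?:(?:POS|GE)T|OPTIONS|HEAD))$" against "REQUEST_METHOD" '
            'required. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "36"] [id "9600"] '
            '[msg "Method is not allowed by policy"] [severity "CRITICAL"] [uri "/"] '
            '[unique_id "constructed-{n}"]')
SAMPLE = [TEMPLATE.format(t=t, ip=ip, n=n) for n, (t, ip) in enumerate([
    ("21:11:42", "192.0.2.10"), ("21:11:42", "192.0.2.10"), ("21:11:43", "192.0.2.10"),
    ("21:11:43", "192.0.2.10"), ("21:11:43", "192.0.2.10"),
    ("21:05:00", "198.51.100.7"), ("21:40:00", "198.51.100.7")])]
SAMPLE.append("[Tue May 18 21:12:00 2010] [notice] unrelated line")  # must be skipped

LINE_RE = re.compile(
    r'^\[(?P<ts>[^\]]+)\] \[error\] \[client (?P<client>[^\]\s]+)\] '
    r'ModSecurity: Access denied with code (?P<code>\d{3}) \(phase (?P<phase>\d)\)\.'
    r'(?P<rest>.*)$')
TAG_RE = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')  # [id "9600"], [msg "..."], [uri "/"], ...

def parse_line(line):
    """Return a dict for one ModSecurity denial line, or None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%a %b %d %H:%M:%S %Y")
    ev.update(dict(TAG_RE.findall(ev.pop("rest"))))
    return ev

def summarize(lines, failures=5, interval=300):
    """Group denials by (client, rule id); mark groups with `failures` hits inside `interval` s."""
    groups = defaultdict(list)
    for ev in filter(None, map(parse_line, lines)):
        groups[(ev["client"], ev.get("id", "?"))].append(ev)
    report = []
    for (client, rule_id), evs in sorted(groups.items()):
        times = sorted(e["ts"] for e in evs)
        # Sliding window over sorted timestamps: any run of `failures` hits within `interval`?
        burst = any((times[i + failures - 1] - times[i]).total_seconds() <= interval
                    for i in range(len(times) - failures + 1))
        report.append({"client": client, "rule_id": rule_id, "hits": len(evs), "burst": burst,
                       "msg": evs[0].get("msg", ""), "uris": sorted({e.get("uri", "") for e in evs})})
    return report
```

Feeding it the Apache error log instead of SAMPLE shows, per client, which rule id fired, how often, and on which URIs.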