Hello buys,
I started to get loots of flood with Agent: Wordpress (PingBack) as i can see this is sompting new i think
And again with the fake / proxys no agent ... flood
The problem is i made some rules in mod_security but it add it to firewall deny list and is some sort of ussles cuz the list gets fully and empty it true rotation but they ar so manny it makes problem to entire server.
What i whant is for this sort of problem not to ban them just deny the traffic.
This is what i use and i dont undestand how or what to change.
On the /etc/apache2/conf.d/modsec/badbots.txt i got the bots name i whant to block like "Wordpress"
All i whant is just to deny the traffic and not to add it to csf firewall
Thank you.
I started to get loots of flood with Agent: Wordpress (PingBack) as i can see this is sompting new i think
And again with the fake / proxys no agent ... flood
The problem is i made some rules in mod_security but it add it to firewall deny list and is some sort of ussles cuz the list gets fully and empty it true rotation but they ar so manny it makes problem to entire server.
What i whant is for this sort of problem not to ban them just deny the traffic.
This is what i use and i dont undestand how or what to change.
Code:
SecRule &;REQUEST_HEADERS:User-Agent "^$" \
"id:'13006',phase:2,t:none,deny,status:406,log,msg:'Empty Agent - Detectat'"
Code:
# Block empty User-Agents.
SecRule &;REQUEST_HEADERS:User-Agent "@eq " \
"id:'13009',phase:2,t:none,deny,chain,status:406,log,msg:'Fake Agent - Detectat'"
Code:
# Block empty User-Agents.
SecRule &;REQUEST_HEADERS:User-Agent "@eq 0" \
"id:'13019',phase:2,t:none,deny,chain,status:406,log,msg:'Fake Agent - Detectat'"
Code:
SecRule REQUEST_HEADERS:User-Agent "@pmFromFile /etc/apache2/conf.d/modsec/badbots.txt" "id:350001,phase:1,deny,status:406,log,msg:'BAD BOT - Detectat. '"All i whant is just to deny the traffic and not to add it to csf firewall
Thank you.
