Subject: Re: Trigger modsec log/deny from web script - logging web spam flagged by b2evolution - msg#00000
List: apache.mod-security.user
Ivan Ristic wrote:
> Jason Edgecombe wrote:
>> Hi there,
>>
>> Is there a way to have mod_security deny and log a request based on the
>> action of a php/perl/cgi script?
>>
>> Specifically, I'm using b2evolution for weblogs and I want to have
>> mod_security log the requests that b2evolution marks as spam. Currently,
>> b2evolution returns a 403 when a comment/trackback is spam. I don't see
>> a way to trigger mod_security based on response code. Would setting an
>> environment variable from within a PHP script accomplish this?
>
> How about:
>
> SecAuditLogRelevantStatus ^403$

Excellent! I'll implement that.

Is there another way in case I don't want to use the HTTP error code?

For example, an HTTP request contains a spam referrer, but I still want
to serve the page to the client.
Re: Trigger modsec log/deny from web script - logging web spam flagged by b2evolution
Jason Edgecombe wrote:
>
> Excellent! I'll implement that.
>
> Is there another way in case I don't want to use the HTTP error code?
>
> For example, an HTTP request contains a spam referrer, but I still want
> to serve the page to the client.
I don't know anything about your software but you can serve
a perfectly normal looking page with code 403 (since the code
is not shown to the user). But if your setup does not allow
for that you can try to use output buffering and catch
spammers with:
SecFilterSelective OUTPUT "keyword in the response"
This is a somewhat slower solution, though.
--
Ivan Ristic
Apache Security (O'Reilly) - http://www.apachesecurity.net
Open source web application firewall - http://www.modsecurity.org
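
The two approaches from this thread, put together as an added configuration example (not part of the original messages). It assumes the ModSecurity 1.9.x directive syntax used above; the audit log path and the marker string `b2evo-spam-flagged` are hypothetical, and the application would have to write that marker into the responses it considers spam.

```apache
# Added example, ModSecurity 1.9.x syntax (assumed from the directives in this thread).
<IfModule mod_security.c>
    SecFilterEngine On

    # Write audit log entries only for relevant requests: those that match
    # a filter, or whose response status matches the pattern below.
    SecAuditEngine RelevantOnly
    SecAuditLog logs/audit_log          # hypothetical path

    # Approach 1: b2evolution already answers spam with a 403, so treat
    # that status as relevant. The application decides, ModSecurity logs.
    SecAuditLogRelevantStatus ^403$

    # Approach 2: the page is still served with its normal status.
    # The response body is buffered and scanned, which is the slower path
    # mentioned in the reply above.
    SecFilterScanOutput On

    # Restrict output scanning to textual responses to limit the cost.
    SecFilterOutputMimeTypes "(null) text/html text/plain"

    # Hypothetical marker emitted by the application (for instance inside
    # an HTML comment) when it flags a comment or trackback as spam.
    # "pass" records the match and lets the response through unchanged.
    SecFilterSelective OUTPUT "b2evo-spam-flagged" "log,auditlog,pass"
</IfModule>
```

With `pass` the visitor still receives the page; replacing it with `deny,status:403` would block the response instead.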