Mod_Security Question

Discussion in 'Install/Configuration' started by J.T., Jun 11, 2010.

  1. J.T.

    J.T. New Member

    Like all of us, I get a lot of vulnerability probers all day every day.

    I've not had time to link up Fail2Ban with LSWS properly so I'm looking to do a quick Mod-Security rule to nip at least a few if I can in the meanwhile. But I don't have much experience with Mod_Security rules and I can't get mine to work based on the documentation.

    Requests I want to deny immediately include:

    They are all open proxy scanners. Sure, they get 404's but on our system, they are "heavy" 404's which takes up a fair bit of resources. I'd like LSWS to block these right away.

    Request Filter Rules at Server level I tried for the wantsfly one:

    Code:
    SecFilterSelective REQUEST_URI "wantsfly.com"
    SecFilterSelective REQUEST_URI "*wantsfly.com*"
    
    The latter gets an error.

    How do I say "Block everything with wantsfly.com or proxyfire in the URI"?

    Thanks!
  2. mistwang

    mistwang LiteSpeed Staff

    SecFilterSelective REQUEST_URI ".*wantsfly\.com.*"

Share This Page