Modsecurity rules to protect WP login?

Discussion in 'Install/Configuration' started by Yogesh Sarkar, Mar 29, 2013.

  1. yak983

    yak983 New Member

    try but no work ... no block wp-login and no log .. in httpd.conf i have add
    the file /var/log/httpd/modsec_debug2.log was be correctry created by litespeed
    2633668 -rw-r--r-- 1 apache apache 0 Feb 26 14:26 /var/log/httpd/modsec_debug2.log

    <IfModule mod_security2.c>
    SecAuditLog /var/log/httpd/modsec_debug2.log

    # This has to be global, cannot exist within a directory or location clause . . .
    SecAction phase:1,nolog,pass,initcol:ip=%{REMOTE_ADDR},initcol:user=%{REMOTE_ADDR}
    <Location /wp-login.php>
    # Setup brute force detection.

    # React if block flag has been set.
    SecRule user:bf_block "@gt 0" "deny,status:401,log,msg:'ip address blocked for 5 minutes, more than 15 login attempts in 3 minutes.'"

    # Setup Tracking. On a successful login, a 302 redirect is performed, a 200 indicates login failed.
    SecRule RESPONSE_STATUS "^302" "phase:5,t:none,nolog,pass,setvar:ip.bf_counter=0"
    SecRule RESPONSE_STATUS "^200" "phase:5,chain,t:none,nolog,pass,setvar:ip.bf_counter=+1,deprecatevar:ip.bf_counter=1/180"
    SecRule ip:bf_counter "@gt 15" "t:none,setvar:user.bf_block=1,expirevar:user.bf_block=300,setvar:ip.bf_counter=0"

Share This Page