本文主要是介绍Modsecurity设置识别异常资源使用,希望对大家解决编程问题提供一定的参考价值,需要的开发者们随着小编来一起学习吧!
识别异常资源,并对于异常访问记录日志和作出暂停响应的回应,阻断CSRF蠕虫进攻。
SecAction "phase:1,id:'981082',t:none,nolog,pass,initcol:resource=%{request_headers.host}_%{request_filename},setvar:resource.pattern_threshold=50,setvar:resource.confidence_counter_threshold=100"
SecRule RESOURCE:UPDATE_RATE "@gt 1000" "id:'999600',phase:5,t:none,pass,msg:'Resource Update Rate Threshold Exceeded.',setvar:resource.disable_resource=1,expirevar:resource.disable_resource=3600'"
SecRule RESOURCE:DISABLE_RESOURCE "@eq 1" "id:'999601',phase:1,t:none,redirect:http://172.27.203.81:8080/news/news/error.php,msg:'Access to Resource Temporariy Denied Due to High Usage.'"这篇关于Modsecurity设置识别异常资源使用的文章就介绍到这儿,希望我们推荐的文章对编程师们有所帮助!
