SecRule ModSecurity random numbers and address IP POST method


I have an attack on my server, several thousand logs. Please take a look. I am looking for a method that could help me block these queries to my WordPress. I tried to block by IP, but there are others as well. This POST query is still the same:

index.php=huya$$()owy3419magor <- Only the number changes.

Is it possible to block POST requests with random numbers in the middle of the text?

Can you give me a hint? I could not find such information.

My logs:


Look at the logs. Only the number in the middle changes. I've got thousands of them.


There are 1 best solutions below


I think the fastest rule could be like this:

SecRule REQUEST_URI "@beginsWith /index.php=huya$$()owy" \
    "id:900101,\
    phase:1,\
    t:none,\
    block,\
    msg:'WPadmin \"owy\" attack.',\
    log"
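
For the question's "random numbers in the middle" case, a regex variant that pins both the fixed prefix and the fixed suffix around the digits and only applies to POST requests. This is an added example, not the answerer's rule: the id 900102 and the message text are constructed, and it assumes SecRequestBodyAccess is On so that POST body parameters appear in ARGS.

```apache
# Added example (not from the original answer). Assumptions: rule id 900102 is
# free in your configuration and "SecRequestBodyAccess On" is set, so that
# parameters from a urlencoded POST body are available in ARGS during phase 2.
#
# First rule: only POST requests enter the chain. The disruptive action is set
# here because, in a chain, it must be on the first rule. "deny,status:403" is
# explicit; "block" instead defers to whatever SecDefaultAction says, which may
# be "pass" on a detection-only setup.
#
# Second rule: the fixed text "huya$$()owy", one or more digits, then "magor".
# $, ( and ) are regex metacharacters, so they are escaped. The token is looked
# for in the URI (with query string) and in parameter names and values, after
# URL decoding, since it is not clear from the post where the payload travels.
SecRule REQUEST_METHOD "@streq POST" \
    "id:900102,\
    phase:2,\
    t:none,\
    deny,\
    status:403,\
    log,\
    msg:'POST carrying huya..owy<digits>magor token',\
    logdata:'Matched: %{MATCHED_VAR_NAME}=%{MATCHED_VAR}',\
    chain"
    SecRule REQUEST_URI|ARGS_NAMES|ARGS "@rx huya\$\$\(\)owy[0-9]+magor" \
        "t:none,t:urlDecodeUni"
```

The logdata line records which variable matched, which shows whether the token arrives in the URI or in the body and lets the variable list be narrowed afterwards.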