- /etc/init.d/apache2 restart
- * Restarting web server apache2 [fail]
- * The apache2 configtest failed.
- Output of config test was:
- AH00526: Syntax error on line 252 of /etc/apache2/apache2.conf:
- ModSecurity: No action id present within the rule
- Action 'configtest' failed.
- The Apache error log may have more information.
- 232 Alias /shared /var/shared
- 233 <Directory /var/shared>
- 234 Options Indexes MultiViews FollowSymLinks
- 235 AllowOverride AuthConfig
- 236 Order allow,deny
- 237 Allow from all
- 238 </Directory>
- 239
- 240 <IfModule security2_module>
- 241 Include /usr/share/modsecurity-crs/*.conf
- 242 Include /usr/share/modsecurity-crs/base_rules/*.conf
- 243 </IfModule>
- 244 <LocationMatch /shared>
- 245 # Uncomment to troubleshoot
- 246 SecDebugLogLevel 9
- 247 SecDebugLog /tmp/troubleshooting.log
- 248
- 249 # Enforce an existing IP address block
- 250 SecRule IP:bf_block "@eq 1"
- 251 "phase:2,deny,
- 252 msg:'IP address blocked because of suspected brute-forceattack'"
- 253
- 254 # Check that this is a POST
- 255 SecRule REQUEST_METHOD "@streq POST" "phase:5,chain,t:none,nolog,pass"
- 256 # AND Check for authentication failure and increment counters
- 257 # NOTE this is for a Rails application, you probably need to customize this
- 258 SecRule RESPONSE_STATUS "^200"
- 259 "setvar:IP.bf_counter=+1"
- 260
- 261 # Check for too many failures from a single IP address. Block for 10 minutes.
- 262 SecRule IP:bf_counter "@ge 3"
- 263 "phase:5,pass,t:none,
- 264 setvar:IP.bf_block,
- 265 setvar:!IP.bf_counter,
- 266 expirevar:IP.bf_block=600"
- 267 </LocationMatch>
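
The configtest failure above is what ModSecurity 2.7 and later report when a SecRule has no id action: every standalone rule and every chain starter needs a unique id, while chained rules take none. The block below is an added example, not part of the original paste, showing the same three rules with ids so they pass that check. The ids 10001-10003 are constructed values from the 1-99,999 local-use range, the trailing backslashes are the line continuations a multi-line SecRule needs (the paste shows none), and the IP collection is assumed to be initialised elsewhere with initcol.

```apache
<LocationMatch /shared>
    # Enforce an existing IP address block
    SecRule IP:bf_block "@eq 1" \
        "id:10001,phase:2,deny,\
        msg:'IP address blocked because of suspected brute-force attack'"

    # Check that this is a POST
    # (chain starter: the id goes here and covers the whole chain)
    SecRule REQUEST_METHOD "@streq POST" \
        "id:10002,phase:5,chain,t:none,nolog,pass"
        # AND check for authentication failure and increment the counter
        # (chained rule: no id of its own)
        SecRule RESPONSE_STATUS "^200" \
            "setvar:IP.bf_counter=+1"

    # Check for too many failures from a single IP address. Block for 10 minutes.
    SecRule IP:bf_counter "@ge 3" \
        "id:10003,phase:5,pass,t:none,\
        setvar:IP.bf_block,\
        setvar:!IP.bf_counter,\
        expirevar:IP.bf_block=600"
</LocationMatch>
```

The ids must not collide with any id used by the included CRS files, or configtest fails again with a duplicate-id error.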