how to achieve DOS protection? nginx+modlib3.0 #1835
Assignees
Labels
3.x
Related to ModSecurity version 3.x
duplicate
Ops. Somebody else already hit that bump
libmodsec - missing features
RIP - libmodsecurity
Comments
victorhora
added
duplicate
|
Thank you for your answer @victorhora ,I will follow up on #1803. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi!
I want test DOS protection, but I find the aciton expirevar not implement,that‘s mean ModLib not support this function now?
ACTION_EXPIRE_VAR
{
//ACTION_NOT_SUPPORTED("ExpireVar", @0);
ACTION_CONTAINER($$, new actions::Action($1));
}
SecRule IP:DOS_BLOCK "@eq 1"
"chain,
phase:1,
id:912120,
drop,
tag:'application-multi',
tag:'language-multi',
tag:'platform-multi',
tag:'attack-dos',
msg:'Denial of Service (DoS) attack identified from %{tx.real_ip} (%{tx.dos_block_counter} hits since last alert)'"
SecRule &IP:DOS_BLOCK_FLAG "@eq 0"
"setvar:ip.dos_block_counter=+1,
setvar:ip.dos_block_flag=1,
expirevar:ip.dos_block_flag=60,
setvar:tx.dos_block_counter=%{ip.dos_block_counter},
setvar:ip.dos_block_counter=0"
The text was updated successfully, but these errors were encountered: