Comments (18)
That would be 0x42.ch in your case?
from modsecurity.
Yes
from modsecurity.
Do you happen to know if the apache / ModSec2 docker container has the same problem?
from modsecurity.
No, sorry. I only use the Nginx version.
from modsecurity.
@ne20002 thanks for the report.
Could you provide an example, how can I try the explained behavior?
It does not happen from other containers in the pod nor any other system in my network.
This means the "vanilla" ModSecurity instance does not do this?
from modsecurity.
This means the "vanilla" ModSecurity instance does not do this?
No, this just means that no other server in my network creates DNS requests with the seen postfix. It's just the queries created by the @rbl checks.
This is the part in my config:
```
# xbl.spamhaus.org to block malicious/infected ips

# Skip the lookup (and rule 910203) if this client IP was already checked
SecRule IP:PREVIOUS_RBL_CHECK "@eq 1" "phase:1,id:910201,t:none,pass,nolog,skipAfter:END_RBL_LOOKUP"

# RBL lookup; on a match, flag the IP and remember the result for 86400 seconds
SecRule REMOTE_ADDR "@rbl xbl.spamhaus.org" \
    "phase:1,id:910202,\
    t:none,pass,nolog,auditlog,\
    msg:'RBL Match for SPAM Source',\
    tag:'AUTOMATION/MALICIOUS',\
    severity:'CRITICAL',\
    setvar:'tx.msg=%{rule.msg}',\
    setvar:'tx.lfi_score=+%{tx.critical_anomaly_score}',\
    setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',\
    setvar:ip.spammer=1,\
    expirevar:ip.spammer=86400,\
    setvar:ip.previous_rbl_check=1,\
    expirevar:ip.previous_rbl_check=86400,\
    skipAfter:END_RBL_CHECK"

# No match: mark the IP as checked for 3600 seconds
SecAction "phase:1,id:910203,\
    t:none,nolog,pass,\
    setvar:ip.previous_rbl_check=1,\
    expirevar:ip.previous_rbl_check=3600"

SecMarker END_RBL_LOOKUP

# IP was flagged by an earlier lookup: raise the anomaly score without a new query
SecRule IP:SPAMMER "@eq 1" \
    "phase:1,id:910204,\
    t:none,pass,nolog,auditlog,\
    msg:'Request from Known SPAM Source (Previous RBL Match)',\
    tag:'AUTOMATION/MALICIOUS',\
    severity:'CRITICAL',\
    setvar:'tx.msg=%{rule.msg}',\
    setvar:'tx.lfi_score=+%{tx.critical_anomaly_score}',\
    setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"

SecMarker END_RBL_CHECK
```
from modsecurity.
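An added example, not part of the thread or of ModSecurity's own code: it builds the query name an `@rbl` lookup against `xbl.spamhaus.org` is expected to produce for a client address, and flags observed query names that carry an extra suffix such as the `0x42.ch` mentioned above. The function names, the assumption that the suffix is appended after the RBL zone, and the sample query names are constructed for illustration.

```python
import ipaddress
from collections import Counter

def rbl_qname(ip: str, zone: str) -> str:
    """Expected DNSBL query name: reversed IPv4 octets followed by the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone.strip(".").lower()

def _is_octet(label: str) -> bool:
    return label.isascii() and label.isdigit() and int(label) < 256

def classify(qname: str, zone: str):
    """Return (kind, client_ip, suffix) for one observed query name.

    kind is 'clean' (exactly <reversed-ip>.<zone>), 'suffixed' (extra labels
    after the zone) or 'other' (not a lookup against this zone).
    """
    labels = qname.lower().rstrip(".").split(".")
    zone_labels = zone.lower().strip(".").split(".")
    head, rest = labels[:4], labels[4:]
    if len(head) < 4 or not all(_is_octet(l) for l in head):
        return ("other", None, "")
    if rest[:len(zone_labels)] != zone_labels:
        return ("other", None, "")
    suffix = ".".join(rest[len(zone_labels):])
    client_ip = ".".join(reversed(head))  # address the lookup was made for
    return ("suffixed" if suffix else "clean", client_ip, suffix)

def suffix_report(qnames, zone):
    """Count the unexpected suffixes seen on lookups against the zone."""
    results = (classify(q, zone) for q in qnames)
    return Counter(s for kind, _, s in results if kind == "suffixed")

ZONE = "xbl.spamhaus.org"
# Constructed sample of query names, as a resolver query log might list them.
OBSERVED = [
    "2.0.0.127.xbl.spamhaus.org.",
    "2.0.0.127.xbl.spamhaus.org.0x42.ch.",
    "10.2.0.192.xbl.spamhaus.org.0x42.ch.",
    "www.example.com.",
]

if __name__ == "__main__":
    print(rbl_qname("192.0.2.10", ZONE))
    for q in OBSERVED:
        print(q, classify(q, ZONE))
    print(suffix_report(OBSERVED, ZONE))
```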