Php Modsecurity规则以避免暴力攻击
我有两个网站Php Modsecurity规则以避免暴力攻击,php,rules,mod-security,Php,Rules,Mod Security,我有两个网站 http://example1.com/project1/login.php http://example2.com/project2/login.php 两者都需要登录才能使用。他们将用户名和密码发送到 /project1/action1/login_submit1.php /project2/action2/login_submit2.php 我写了一条规则来阻止它 <Location /project1/action1/login_submit1.php>
http://example1.com/project1/login.php
http://example2.com/project2/login.php
两者都需要登录才能使用。他们将用户名和密码发送到
/project1/action1/login_submit1.php
/project2/action2/login_submit2.php
我写了一条规则来阻止它
<Location /project1/action1/login_submit1.php>
SecAction "initcol:IP=%{REMOTE_ADDR},pass,nolog,id:5554"
SecRule IP:bf_block "@eq 1" \
"id:5555,deny,\
msg:'IP address blocked because of suspected brute-force attack'"
SecRule REQUEST_METHOD "^POST$" "auditlog,pass,id:5556,chain"
SecRule RESPONSE_STATUS "^[200]" "setvar:IP.bf_counter=+1"
SecRule IP:bf_counter "@ge 3" \
"id:5557,auditlog, phase:5,pass,t:none, \
setvar:IP.bf_block=1,\
setvar:!IP.bf_counter,\
expirevar:IP.bf_block=30"
</Location>
SecAction“initcol:IP=%{REMOTE_ADDR},pass,nolog,id:5554”
SecRule IP:bf_块“@eq 1”\
“身份证号码:5555,否认\
msg:“IP地址因涉嫌暴力攻击而被阻止”
SecRule请求\方法“^POST$”审核日志,通过,id:5556,链
SecRule响应_状态“^[200]”setvar:IP.bf_计数器=+1
SecRule IP:bf_计数器“@ge 3”\
“id:5557,审核日志,阶段:5,通过,t:无\
setvar:IP.bf_块=1\
setvar:!IP.bf_计数器\
expirevar:IP.bf_块=30“
但由于它使用位置标签,所以它仍然可以阻止对单个web的攻击。
现在,我想定制一个规则来保护这两个网站免受暴力攻击。这意味着任何web应用程序都可以使用该规则。
有什么想法吗