Detect user agent and execute action #3184
Comments
|
Hi @AngelSamuel, sorry for the late reply. I think the problem in your solution is here: Your variable will be initialized with 0 in every transactions, and will never reach the value of 10. I think you need to use a persistent storage to store this value (I assume you want to count the requests by IP), so you need to use the Please first read the relevant part: (you didn't mention the used version) https://github.com/owasp-modsecurity/ModSecurity/wiki/Reference-Manual-(v3.x)#persistent-storage and I'm sure CRS's DOS plugin is a good reference, if you want to understand the behavior: |
|
@AngelSamuel is there anything we can help you? If not, could you close this issue? |
|
Another remark: "@contains ?iRocket/Preload" is incorrect. |
Hello!
I would like to know what would be the best way I can do something similar to this (taken from ChatGPT). I would need to detect when there are many WP Rocket requests (User Agent -> “WP Rocket/Preload”) and if it exceeds more than X requests, execute a request to an external server to have it monitored Would it be possible?
So far what I have, which does not work, is:
SecAction "id:400020,phase:1,nolog,pass,t:none,setvar:tx.wp_rocket_counter=0"
SecRule REQUEST_HEADERS:User-Agent "@contains ?iRocket/Preload"
"id:400021,phase:1,nolog,pass,setvar:tx.wp_rocket_counter=+1"
SecRule TX:wp_rocket_counter "@gt 10"
"id:400022,phase:2,log,deny,status:403,msg:'Too many Rocket/Preload requests detected',
exec:'/usr/bin/curl --user-agent "phmodsec" -X POST https://api.domain.com/alert.php -d "alert=Too many Rocket/Preload requests detected"'"
Hopefully someone can lend a hand!
The text was updated successfully, but these errors were encountered: