Hi, On Thu, Mar 12, 2015 at 4:13 AM, el kalin <kalin@xxxxxx> wrote: > > so far i have tried this: > > with mod_security (within modsecurity.conf): > > SecRule REQUEST_URI "\?info_hash\=" "phase:2,id:'10000002',t:none,rev:1,severity:2,log,deny,msg:'Torrent Announce Hit Detected'" > > here i can see in the audit log that "Connection: closed" but i can still > see all the request in the virtual domain's log (vs the mod sec_audit log). > and still see the http ESTABLISHED connections (via netstat) just > lingering. I think you need either an action that drops the connection (deny => drop, without any response!), or a status code that implies "Connection: close" (deny,status=503 for example, whereas the default 403 keeps the connection alive). > > with mod_rewrite (in global context): > > <IfModule mod_rewrite.c> > RewriteEngine on > RewriteRule ^/announce$ - [F] > RewriteRule ^/announce\.php$ - [F] > </IfModule> > > also > > <Directory /path/to/affected/virtual/domain/document/root> > RewriteEngine On > RewriteRule ^/announce$ - [F] > RewriteRule ^/announce\.php$ - [F] > </Directory> Same here with [R=503] (and prossibly the L flag too). Regards, Yann. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|