Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 8 replies
  • Subscribers 1 subscriber
  • Views 6724 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

WAF in monitoring mode

MDR
While my WAF is in monitoring mode , can I find out what attacks would be blocked if I switch over into rejecting mode ,


This thread was automatically locked due to age.
Parents
  • 0
    I use Search log files - WAF log - Search term: modsecurity
    Then I see lines like:

    [client 198.20.69.74] ModSecurity: Warning. Pattern match "^5\\d{2}$" at RESPONSE_STATUS. [file "/usr/apache/conf/waf/modsecurity_crs_outbound.conf"] [line "53"] [id "970901"] [rev "2"] [msg "The application is not available"] [data "Matched Data: 500 found within RESPONSE_STATUS: 500"] [severity "ERROR"] [ver "OWASP_CRS/2.2.7"] [maturity "9"] [accuracy "9"] [tag "WASCTC/WASC-13"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.6"] [hostname "my.url"] [uri "/"] [unique_id "VO5xAsOShSEAABz8O6sAAABD"]


    [id "970901"] is rule number I need to know
Reply
  • 0
    I use Search log files - WAF log - Search term: modsecurity
    Then I see lines like:

    [client 198.20.69.74] ModSecurity: Warning. Pattern match "^5\\d{2}$" at RESPONSE_STATUS. [file "/usr/apache/conf/waf/modsecurity_crs_outbound.conf"] [line "53"] [id "970901"] [rev "2"] [msg "The application is not available"] [data "Matched Data: 500 found within RESPONSE_STATUS: 500"] [severity "ERROR"] [ver "OWASP_CRS/2.2.7"] [maturity "9"] [accuracy "9"] [tag "WASCTC/WASC-13"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.6"] [hostname "my.url"] [uri "/"] [unique_id "VO5xAsOShSEAABz8O6sAAABD"]


    [id "970901"] is rule number I need to know
Children
No Data
Unfiltered HTML