Brute force protection for custom URL

Hello,

I have a customer who is getting hit on a specific URL of a car hire booking engine. Requests are coming in at pretty high rates (more than 10/sec), and usually they’re from 2-3 specific IPs, so I was able to block them manually. This is a reactive approach though, so I wanted to implement a ModSecurity solution to automate this.

The abusive request is this:


x.x.x.x - - [02/Apr/2019:07:56:50 +0000] "GET /online-admin/index.php?controller=pjFront&action=pjActionCheckingSession HTTP/1.1" 200 12 "https://[domain]/online?step=checkout" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36"

(I see tens of thousands of lines like this when the site is getting hit)

I tried using the userdata_login_pages file and added both

/online-admin/index.php?controller=pjFront&action=pjActionCheckingSession

and

online-admin

but it didn’t make any difference. Even after hundreds of requests within a minute, the abuser gets a 200 response.

Any ideas?

Thanks in advance,
George

Hello,

You can add your custom rule via the userdata tab in the CWAF plugin. I hope the following link may help you: Comodo Help.

Hi, I’m using the Comodo rules via the cPanel vendor option.
Is it recommended to remove them from there and use the CWAF plugin instead? I’m running cPanel with LiteSpeed.

I removed the Comodo rules from the cPanel vendor interface, and installed the CWAF plugin.
I went to Catalog and set “Bruteforce” to ON.
Then I went to userdata and under Login pages added:


/online-admin/index.php?controller=pjFront&action=pjActionCheckingSession

saved, restarted LiteSpeed, but again it doesn’t work:


x.x.x.x - - [02/Apr/2019:11:56:03 +0000] "GET /online-admin/index.php?controller=pjFront&action=pjActionCheckingSession HTTP/2" 200 12 "https://domain.com/online?step=cars" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36"
x.x.x.x - - [02/Apr/2019:11:56:04 +0000] "GET /online-admin/index.php?controller=pjFront&action=pjActionCheckingSession HTTP/2" 200 12 "https://domain.com/online?step=cars" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36"
x.x.x.x - - [02/Apr/2019:11:56:04 +0000] "GET /online-admin/index.php?controller=pjFront&action=pjActionCheckingSession HTTP/2" 200 12 "https://domain.com/online?step=cars" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36"
x.x.x.x - - [02/Apr/2019:11:56:04 +0000] "GET /online-admin/index.php?controller=pjFront&action=pjActionCheckingSession HTTP/2" 200 12 "https://domain.com/online?step=cars" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36"
x.x.x.x - - [02/Apr/2019:11:56:05 +0000] "GET /online-admin/index.php?controller=pjFront&action=pjActionCheckingSession HTTP/2" 200 12 "https://domain.com/online?step=cars" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36"
x.x.x.x - - [02/Apr/2019:11:56:05 +0000] "GET /online-admin/index.php?controller=pjFront&action=pjActionCheckingSession HTTP/2" 200 12 "https://domain.com/online?step=cars" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36"
x.x.x.x - - [02/Apr/2019:11:56:05 +0000] "GET /online-admin/index.php?controller=pjFront&action=pjActionCheckingSession HTTP/2" 200 12 "https://domain.com/online?step=cars" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36"
x.x.x.x - - [02/Apr/2019:11:56:05 +0000] "GET /online-admin/index.php?controller=pjFront&action=pjActionCheckingSession HTTP/2" 200 12 "https://domain.com/online?step=cars" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36"
x.x.x.x - - [02/Apr/2019:11:56:05 +0000] "GET /online-admin/index.php?controller=pjFront&action=pjActionCheckingSession HTTP/2" 200 12 "https://domain.com/online?step=cars" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36"
x.x.x.x - - [02/Apr/2019:11:56:05 +0000] "GET /online-admin/index.php?controller=pjFront&action=pjActionCheckingSession HTTP/2" 200 12 "https://domain.com/online?step=cars" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36"
x.x.x.x - - [02/Apr/2019:11:56:06 +0000] "GET /online-admin/index.php?controller=pjFront&action=pjActionCheckingSession HTTP/2" 200 12 "https://domain.com/online?step=cars" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36"
x.x.x.x - - [02/Apr/2019:11:56:06 +0000] "GET /online-admin/index.php?controller=pjFront&action=pjActionCheckingSession HTTP/2" 200 12 "https://domain.com/online?step=cars" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36"
x.x.x.x - - [02/Apr/2019:11:56:06 +0000] "GET /online-admin/index.php?controller=pjFront&action=pjActionCheckingSession HTTP/2" 200 12 "https://domain.com/online?step=cars" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36"
x.x.x.x - - [02/Apr/2019:11:56:06 +0000] "GET /online-admin/index.php?controller=pjFront&action=pjActionCheckingSession HTTP/2" 200 12 "https://domain.com/online?step=cars" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36"
x.x.x.x - - [02/Apr/2019:11:56:06 +0000] "GET /online-admin/index.php?controller=pjFront&action=pjActionCheckingSession HTTP/2" 200 12 "https://domain.com/online?step=cars" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36"
x.x.x.x - - [02/Apr/2019:11:56:06 +0000] "GET /online-admin/index.php?controller=pjFront&action=pjActionCheckingSession HTTP/2" 200 12 "https://domain.com/online?step=cars" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36"
x.x.x.x - - [02/Apr/2019:11:56:06 +0000] "GET /online-admin/index.php?controller=pjFront&action=pjActionCheckingSession HTTP/2" 200 12 "https://domain.com/online?step=cars" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36"
x.x.x.x - - [02/Apr/2019:11:56:06 +0000] "GET /online-admin/index.php?controller=pjFront&action=pjActionCheckingSession HTTP/2" 200 12 "https://domain.com/online?step=cars" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36"
x.x.x.x - - [02/Apr/2019:11:56:06 +0000] "GET /online-admin/index.php?controller=pjFront&action=pjActionCheckingSession HTTP/2" 200 12 "https://domain.com/online?step=cars" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36"
x.x.x.x - - [02/Apr/2019:11:56:06 +0000] "GET /online-admin/index.php?controller=pjFront&action=pjActionCheckingSession HTTP/2" 200 12 "https://domain.com/online?step=cars" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36"
x.x.x.x - - [02/Apr/2019:11:56:07 +0000] "GET /online-admin/index.php?controller=pjFront&action=pjActionCheckingSession HTTP/2" 200 12 "https://domain.com/online?step=cars" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36"
x.x.x.x - - [02/Apr/2019:11:56:07 +0000] "GET /online-admin/index.php?controller=pjFront&action=pjActionCheckingSession HTTP/2" 200 12 "https://domain.com/online?step=cars" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36"
x.x.x.x - - [02/Apr/2019:11:56:07 +0000] "GET /online-admin/index.php?controller=pjFront&action=pjActionCheckingSession HTTP/2" 200 12 "https://domain.com/online?step=cars" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36"
x.x.x.x - - [02/Apr/2019:11:56:07 +0000] "GET /online-admin/index.php?controller=pjFront&action=pjActionCheckingSession HTTP/2" 200 12 "https://domain.com/online?step=cars" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36"
x.x.x.x - - [02/Apr/2019:11:56:07 +0000] "GET /online-admin/index.php?controller=pjFront&action=pjActionCheckingSession HTTP/2" 200 12 "https://domain.com/online?step=cars" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36"
x.x.x.x - - [02/Apr/2019:11:56:07 +0000] "GET /online-admin/index.php?controller=pjFront&action=pjActionCheckingSession HTTP/2" 200 12 "https://domain.com/online?step=cars" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36"
x.x.x.x - - [02/Apr/2019:11:56:07 +0000] "GET /online-admin/index.php?controller=pjFront&action=pjActionCheckingSession HTTP/2" 200 12 "https://domain.com/online?step=cars" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36"
x.x.x.x - - [02/Apr/2019:11:56:08 +0000] "GET /online-admin/index.php?controller=pjFront&action=pjActionCheckingSession HTTP/2" 200 12 "https://domain.com/online?step=cars" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36"
x.x.x.x - - [02/Apr/2019:11:56:08 +0000] "GET /online-admin/index.php?controller=pjFront&action=pjActionCheckingSession HTTP/2" 200 12 "https://domain.com/online?step=cars" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36"
x.x.x.x - - [02/Apr/2019:11:56:08 +0000] "GET /online-admin/index.php?controller=pjFront&action=pjActionCheckingSession HTTP/2" 200 12 "https://domain.com/online?step=cars" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36"
x.x.x.x - - [02/Apr/2019:11:56:08 +0000] "GET /online-admin/index.php?controller=pjFront&action=pjActionCheckingSession HTTP/2" 200 12 "https://domain.com/online?step=cars" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36"
x.x.x.x - - [02/Apr/2019:11:56:08 +0000] "GET /online-admin/index.php?controller=pjFront&action=pjActionCheckingSession HTTP/2" 200 12 "https://domain.com/online?step=cars" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36"
x.x.x.x - - [02/Apr/2019:11:56:34 +0000] "GET /online-admin/index.php?controller=pjFront&action=pjActionCheckingSession HTTP/2" 200 12 "https://domain.com/online?step=cars" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36"
x.x.x.x - - [02/Apr/2019:11:56:34 +0000] "GET /online-admin/index.php?controller=pjFront&action=pjActionCheckingSession HTTP/2" 200 12 "https://domain.com/online?step=cars" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36"
x.x.x.x - - [02/Apr/2019:11:56:34 +0000] "GET /online-admin/index.php?controller=pjFront&action=pjActionCheckingSession HTTP/2" 200 12 "https://domain.com/online?step=cars" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36"
x.x.x.x - - [02/Apr/2019:11:56:34 +0000] "GET /online-admin/index.php?controller=pjFront&action=pjActionCheckingSession HTTP/2" 200 12 "https://domain.com/online?step=cars" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36"
x.x.x.x - - [02/Apr/2019:11:56:35 +0000] "GET /online-admin/index.php?controller=pjFront&action=pjActionCheckingSession HTTP/2" 200 12 "https://domain.com/online?step=cars" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36"
x.x.x.x - - [02/Apr/2019:11:56:35 +0000] "GET /online-admin/index.php?controller=pjFront&action=pjActionCheckingSession HTTP/2" 200 12 "https://domain.com/online?step=cars" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36"
x.x.x.x - - [02/Apr/2019:11:56:35 +0000] "GET /online-admin/index.php?controller=pjFront&action=pjActionCheckingSession HTTP/2" 200 12 "https://domain.com/online?step=cars" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36"
x.x.x.x - - [02/Apr/2019:11:56:36 +0000] "GET /online-admin/index.php?controller=pjFront&action=pjActionCheckingSession HTTP/2" 200 12 "https://domain.com/online?step=cars" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36"
x.x.x.x - - [02/Apr/2019:11:56:36 +0000] "GET /online-admin/index.php?controller=pjFront&action=pjActionCheckingSession HTTP/2" 200 12 "https://domain.com/online?step=cars" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36"
x.x.x.x - - [02/Apr/2019:11:56:36 +0000] "GET /online-admin/index.php?controller=pjFront&action=pjActionCheckingSession HTTP/2" 200 12 "https://domain.com/online?step=cars" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36"
x.x.x.x - - [02/Apr/2019:11:56:37 +0000] "GET /online-admin/index.php?controller=pjFront&action=pjActionCheckingSession HTTP/2" 200 12 "https://domain.com/online?step=cars" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36"
x.x.x.x - - [02/Apr/2019:11:56:37 +0000] "GET /online-admin/index.php?controller=pjFront&action=pjActionCheckingSession HTTP/2" 200 12 "https://domain.com/online?step=cars" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36"
x.x.x.x - - [02/Apr/2019:11:56:38 +0000] "GET /online-admin/index.php?controller=pjFront&action=pjActionCheckingSession HTTP/2" 200 12 "https://domain.com/online?step=cars" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36"
x.x.x.x - - [02/Apr/2019:11:56:38 +0000] "GET /online-admin/index.php?controller=pjFront&action=pjActionCheckingSession HTTP/2" 200 12 "https://domain.com/online?step=cars" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36"
x.x.x.x - - [02/Apr/2019:11:56:38 +0000] "GET /online-admin/index.php?controller=pjFront&action=pjActionCheckingSession HTTP/2" 200 12 "https://domain.com/online?step=cars" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36"
x.x.x.x - - [02/Apr/2019:11:56:38 +0000] "GET /online-admin/index.php?controller=pjFront&action=pjActionCheckingSession HTTP/2" 200 12 "https://domain.com/online?step=cars" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36"
x.x.x.x - - [02/Apr/2019:11:56:39 +0000] "GET /online-admin/index.php?controller=pjFront&action=pjActionCheckingSession HTTP/2" 200 12 "https://domain.com/online?step=cars" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36"
x.x.x.x - - [02/Apr/2019:11:56:39 +0000] "GET /online-admin/index.php?controller=pjFront&action=pjActionCheckingSession HTTP/2" 200 12 "https://domain.com/online?step=cars" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36"
x.x.x.x - - [02/Apr/2019:11:56:40 +0000] "GET /online-admin/index.php?controller=pjFront&action=pjActionCheckingSession HTTP/2" 200 12 "https://domain.com/online?step=cars" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36"
x.x.x.x - - [02/Apr/2019:11:56:40 +0000] "GET /online-admin/index.php?controller=pjFront&action=pjActionCheckingSession HTTP/2" 200 12 "https://domain.com/online?step=cars" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36"
x.x.x.x - - [02/Apr/2019:11:56:40 +0000] "GET /online-admin/index.php?controller=pjFront&action=pjActionCheckingSession HTTP/2" 200 12 "https://domain.com/online?step=cars" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36"
x.x.x.x - - [02/Apr/2019:11:56:40 +0000] "GET /online-admin/index.php?controller=pjFront&action=pjActionCheckingSession HTTP/2" 200 12 "https://domain.com/online?step=cars" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36"
x.x.x.x - - [02/Apr/2019:11:56:40 +0000] "GET /online-admin/index.php?controller=pjFront&action=pjActionCheckingSession HTTP/2" 200 12 "https://domain.com/online?step=cars" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36"
x.x.x.x - - [02/Apr/2019:11:56:40 +0000] "GET /online-admin/index.php?controller=pjFront&action=pjActionCheckingSession HTTP/2" 200 12 "https://domain.com/online?step=cars" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36"
x.x.x.x - - [02/Apr/2019:11:56:40 +0000] "GET /online-admin/index.php?controller=pjFront&action=pjActionCheckingSession HTTP/2" 200 12 "https://domain.com/online?step=cars" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36"
x.x.x.x - - [02/Apr/2019:11:56:40 +0000] "GET /online-admin/index.php?controller=pjFront&action=pjActionCheckingSession HTTP/2" 200 12 "https://domain.com/online?step=cars" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36"
x.x.x.x - - [02/Apr/2019:11:56:41 +0000] "GET /online-admin/index.php?controller=pjFront&action=pjActionCheckingSession HTTP/2" 200 12 "https://domain.com/online?step=cars" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36"
x.x.x.x - - [02/Apr/2019:11:56:41 +0000] "GET /online-admin/index.php?controller=pjFront&action=pjActionCheckingSession HTTP/2" 200 12 "https://domain.com/online?step=cars" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36"
x.x.x.x - - [02/Apr/2019:11:56:41 +0000] "GET /online-admin/index.php?controller=pjFront&action=pjActionCheckingSession HTTP/2" 200 12 "https://domain.com/online?step=cars" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36"
x.x.x.x - - [02/Apr/2019:11:56:41 +0000] "GET /online-admin/index.php?controller=pjFront&action=pjActionCheckingSession HTTP/2" 200 12 "https://domain.com/online?step=cars" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36"
x.x.x.x - - [02/Apr/2019:11:56:41 +0000] "GET /online-admin/index.php?controller=pjFront&action=pjActionCheckingSession HTTP/2" 200 12 "https://domain.com/online?step=cars" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36"
x.x.x.x - - [02/Apr/2019:11:56:41 +0000] "GET /online-admin/index.php?controller=pjFront&action=pjActionCheckingSession HTTP/2" 200 12 "https://domain.com/online?step=cars" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36"

Hello,

As investigated, it is a DoS attack. We have a rule to prevent DoS, provided it is enabled by the user. Unfortunately, we can’t add signatures for custom sites to our rule set.
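Added example, not part of the thread or of CWAF: a Python sliding-window counter that reads access-log lines in the format posted above and reports each client's peak request rate against the pjActionCheckingSession URL, which helps choose a per-IP threshold before enabling any rate rule. The 10-second window, the limit of 20 and the sample lines (documentation IP ranges) are assumptions constructed for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs, urlsplit

TARGET_PATH = "/online-admin/index.php"      # path from the thread
TARGET_ACTION = "pjActionCheckingSession"    # action parameter from the thread

# client IP, timestamp, method, request target, status (combined log format)
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')

def is_target(request_target):
    """Match on parsed path and parameter, so parameter order does not matter."""
    parts = urlsplit(request_target)
    params = parse_qs(parts.query)
    return parts.path == TARGET_PATH and params.get("action") == [TARGET_ACTION]

def peak_rates(lines, window_s=10):
    """Return {ip: highest number of target hits seen in any window_s span}."""
    recent = defaultdict(deque)   # per-IP timestamps still inside the window
    peak = defaultdict(int)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue              # skip malformed lines rather than fail
        ip, ts_raw, _method, target, _status = m.groups()
        if not is_target(target):
            continue
        ts = datetime.strptime(ts_raw, "%d/%b/%Y:%H:%M:%S %z")
        hits = recent[ip]
        hits.append(ts)
        while (ts - hits[0]).total_seconds() >= window_s:
            hits.popleft()        # drop hits that fell out of the window
        peak[ip] = max(peak[ip], len(hits))
    return dict(peak)

def offenders(lines, window_s=10, limit=20):
    """IPs whose peak exceeds the limit (window and limit are assumptions)."""
    return sorted(ip for ip, n in peak_rates(lines, window_s).items() if n > limit)

def build_sample():
    """Constructed log lines, not taken from the thread."""
    base = datetime(2019, 4, 2, 11, 56, 0, tzinfo=timezone.utc)
    flood = f"{TARGET_PATH}?controller=pjFront&action={TARGET_ACTION}"
    poll = f"{TARGET_PATH}?action={TARGET_ACTION}&controller=pjFront"
    rows = []
    for i in range(30):           # 10 requests/sec for 3 s, as in the thread
        rows.append((base + timedelta(milliseconds=100 * i), "203.0.113.10", flood))
    for i in range(3):            # a client polling once every 20 s
        rows.append((base + timedelta(seconds=20 * i), "198.51.100.7", poll))
    for i in range(40):           # busy client on another URL, never counted
        rows.append((base + timedelta(milliseconds=50 * i), "192.0.2.5", "/online?step=cars"))
    rows.sort(key=lambda r: r[0])
    return [f'{ip} - - [{ts:%d/%b/%Y:%H:%M:%S %z}] "GET {url} HTTP/2" 200 12 "-" "constructed"'
            for ts, ip, url in rows]

SAMPLE = build_sample()

if __name__ == "__main__":
    for ip, n in sorted(peak_rates(SAMPLE).items(), key=lambda kv: -kv[1]):
        print(f"{ip}\tpeak {n} hits / 10 s")
    print("over limit:", offenders(SAMPLE))
```

Run it over a period of normal traffic first: the gap between the highest peak there and the peak during an incident shows where a per-IP limit can sit.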