"POST /command.php HTTP/1.0" 302 218 "-" "Wget(linux)"

Free Modsecurity rules - Comodo Web Application Fi
#1

Hello,

Is there a way to catch these posts with a 40x code ? (from /var/log/httpd/access_log)
“POST /command.php HTTP/1.0” 302 218 “-” “Wget(linux)”
“POST http://check.proxyradar.com/azenv.php?auth=147621032607&a=PSCMN&i=2745964670&p=80 HTTP/1.1” 302 278 “https://proxyradar.com/” “Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)”

For the moment, I get Fail2Ban which indicates this :
A total of 1 possible successful probes were detected (the following URLs contain strings that match one or more of a listing of strings that indicate a possible exploit): null HTTP Response 302

Thank you

#2

Hello, your question isn’t clear for me. Do you wish to block such requests or what?
If you want block those requests than you can write your own rules or add “Wget” to the blacklisted user agents.