Set ModSecurity to drop all requests from an IP

MH-Stefan · July 29, 2015, 7:43pm

Hello,

We’re dealing with an issue where requests that come through CloudFlare can bypass our firewall since they get forwarded through the CloudFlare proxy. I’ve opened a thread at LSWS suggesting that the IPs from the CSF deny list should also be applied to the LSWS deny list: Apply IP deny list from CSF due to CloudFlare | LiteSpeed Support Forums

The LSWS staff has suggested that we should set ModSecurity to “drop” these requests, instead of denying them with a 403 Forbidden error.

Is it possible to configure Comodo WAF to “drop” requests from IPs that have triggered a specific rule or a specific amount of rules?

Thank you in advance.

Regards,
Stefan

akabakov · July 30, 2015, 2:23pm

Hello,

you can changes some files:

/path_to_cwaf/cwaf/rules/00_Init_Initialization.conf
In this file in strings 16 and 19 change “deny” with “drop”.
/path_to_cwaf/cwaf/rules/03_Global_Domains.conf
In this file do the same in string 14.
restart (reload) your web-server.

But it will drop all vulnerable requests.

We’ll try to realize this function for particular issues.