[Owasp-modsecurity-core-rule-set] How to block one ip address for a period of time
jamuse at gmail.com
Wed Nov 2 05:02:14 EDT 2011
On Wed, Nov 2, 2011 at 4:55 AM, dreamice <dreamice.jiang at gmail.com> wrote:
> Dear all,
> I want to write a rule to block an IP address for a period of time, for
> example 5 minutes.
> How can I write this rule?
The following example assumes you want to block IPs that send a
request that have the string blockme in an argument value:
# Initialize the IP collection
# Block IP for 300 seconds
SecRule ARGS blockme
# Enforce blocking
SecRule IP:BLOCKED "@eq 1" "phase:1,deny,log"
More information about the Owasp-modsecurity-core-rule-set