Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: 404 Project: Compatible with mod_security? - SANS Internet Storm Center SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
404 Project: Compatible with mod_security?
I was interested in participating in the 404 Project. However, all of my web infrastructure is front-ended by a reverse proxy cluster with various firewall features including mod_security, so it's extremely unusual to see a 404 response going back. Typically I'm sending back a 403 from the proxy. You really don't see much trolling that comes along with correct host headers that will even let it get past the proxy, plus most trolling is toxic so it gets killed at the proxy even with valid headers.

I'm just wondering if you have a suggestion for submissions from less than simple environments that don't have a simple 404 behavior that will still give what you're looking for?

1 Posts
Don't have anything yet for mod_security, but I am using it as well, so let me see what we can use. The problem will be that mod_security and similar systems are configured very differently from install to install, so the script to extract the logs would need to be customized. Anonymous

ISC Handler

Sign Up for Free or Log In to start participating in the conversation!