Difference between revisions of "HIDS 60205"
(Created page with "'''Rule ID''' 60205 '''Status''' Active rule currently published. ''Message Example''' hostname mod_evasive[12345]: Blacklisting address 1.2.3.4: possible DoS attack. '''...") |
m |
||
| Line 13: | Line 13: | ||
'''Description''' | '''Description''' | ||
| − | This rule detects when the mod_evasive module is triggered. mod_evasive is a Denial Of Service | + | This rule detects when the mod_evasive module is triggered. mod_evasive is a Denial Of Service detection module for apache, it detects when an IP address exceeds a connection threshold (Example: X connections in Y seconds, or X accesses for the same page from a single IP in Y seconds). |
'''False Positives''' | '''False Positives''' | ||
Revision as of 11:51, 8 August 2011
Rule ID
60205
Status
Active rule currently published.
Message Example'
hostname mod_evasive[12345]: Blacklisting address 1.2.3.4: possible DoS attack.
Description
This rule detects when the mod_evasive module is triggered. mod_evasive is a Denial Of Service detection module for apache, it detects when an IP address exceeds a connection threshold (Example: X connections in Y seconds, or X accesses for the same page from a single IP in Y seconds).
False Positives
This rule can be falsely triggered if the configured thresholds for the system have been exceeded.
If you believe that this is a false positive, then either disable the DOS protections in ASL, increase the thresholds or whitelist the IP. The section below provides a link to the process for doing this.
Tuning Recommendations
Please see the Mod_evasive wiki page for detailed guidance.
Similar Rules
None.
