Wordpress and rule 343434

Customer support forums for the modsecurity rules feed. There is no such thing as a bad question here as long as it pertains to using the real time modsecurity rules feed. Newbies feel free to get help getting started or asking questions that may be obvious.
Post Reply
User avatar
innovot
Forum User
Forum User
Posts: 12
Joined: Mon Dec 17, 2012 1:20 pm
Location: UK

Wordpress and rule 343434

Unread post by innovot »

Hello,

am hitting this rule when uploading new Wordpress Themes

Code: Select all

[modsecurity] [client xxx.xxx.xxx.xxx] [domain xxxxxxxxxxxxxxxxxxx] [408] [/apache/20140515/20140515-0822/20140515-082227-U3Rq9qweCA4AAFQ-O9AAAAAH]  [file "/etc/httpd/modsecurity.d/asl_rules/03_asl_dos.conf"] [line "36"] [id "343434"] [rev "1"] [msg "Atomicorp.com WAF Rules: Client Connection dropped by Apache due to slow connection, possible Slowaris attack"] [severity "WARNING"] Warning. String match "408" at RESPONSE_STATUS.
How best to tune it please ?
Top
User avatar
mikeshinn
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
Posts: 4149
Joined: Thu Feb 07, 2008 7:49 pm
Location: Chantilly, VA

Re: Wordpress and rule 343434

Unread post by mikeshinn »

Thanks for your question. This rule doesnt block anything, it just reports when apache has dropped a connection with a 408 error. You'll find more information about this at the URL below:

https://www.atomicorp.com/wiki/index.php/WAF_343434

To that end, the rule isnt what you need to adjust (because the rule doesnt cause this, it just reports an apache event, changing the rule wont do anything), its whatever is generating the 408 error(s) you need to change. For example, if you use modreqtimeout your configuration may need to be adjusted to allow slower connections.
Top
Post Reply

Return to “Atomicorp Modsecurity Rules Support”