在自定义配置文件加入下面这行
# bursts
SecAction "id:'900011',phase:1,t:none,setvar:'tx.dos_burst_time_slice=60',setvar:'tx.dos_counter_threshold=100',setvar:'tx.dos_block_timeout=600',nolog,pass"
设置时间区间60秒,在该时间内,最多发起请求100次。
防止OS Command攻击
#
# OS Command Injection Attacks
#
# This is a paranoid sibling to 2.2.x Rule 950907.
# The rule is no longer chained in order to trigger anomaly scoring.
# For 3.0.0-rc1 rule, see 932100.
#
SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/* "@pmf windows-powershell-commands.data" \
"msg:'Remote Command Execution (RCE) Attempt',\
phase:request,\
rev:'2',\
ver:'OWASP_CRS/3.0.0',\
maturity:'9',\