识别异常资源，对异常访问记录日志并暂停响应，以阻断CSRF蠕虫攻击。
# Open (or create) the persistent RESOURCE collection for this request. The key
# is the Host request header joined with the request filename, so state is kept
# per host + path. Two threshold values are written into the collection on every
# request; no rule in view reads them, so they are presumably consumed elsewhere.
# NOTE(review): the Host header is client-supplied, so a request carrying a
# different Host value is tracked in a different collection record. Confirm the
# front end only accepts the expected Host values before relying on this key
# for rate tracking.
SecAction \
    "phase:1,\
    id:'981082',\
    t:none,\
    nolog,\
    pass,\
    initcol:resource=%{request_headers.host}_%{request_filename},\
    setvar:resource.pattern_threshold=50,\
    setvar:resource.confidence_counter_threshold=100"
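# Post-transaction check (phase 5): when the built-in UPDATE_RATE of the RESOURCE
# collection exceeds 1000, set resource.disable_resource=1. ModSecurity documents
# UPDATE_RATE as the average number of updates per minute since the record was
# created. expirevar clears the flag after 3600 seconds, so the block is temporary.
# `pass` keeps this rule non-disruptive; enforcement is left to whichever rule
# tests resource.disable_resource.
# The action list must end with exactly one closing double quote. A stray quote
# character after the expirevar value would become part of the value or break
# parsing, depending on the engine.
SecRule RESOURCE:UPDATE_RATE "@gt 1000" \
    "id:'999600',\
    phase:5,\
    t:none,\
    pass,\
    msg:'Resource Update Rate Threshold Exceeded.',\
    setvar:resource.disable_resource=1,\
    expirevar:resource.disable_resource=3600"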
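# Enforcement (phase 1): while resource.disable_resource equals 1, every request
# for this resource is answered with a redirect to the error page instead of
# being served.
# NOTE(review): the redirect target is a hard-coded plain-HTTP URL on a private
# address. Clients that cannot route to it receive a dead redirect, and the
# address is disclosed in the Location header. Confirm it is reachable for all
# intended clients, or point to an error page on the public site.
# NOTE(review): the block applies to all clients of the resource, not only to
# the source of the excess traffic. Confirm that trade-off is acceptable for
# high-traffic pages.
# The msg text is spelled 'Temporarily'; log searches keyed on a misspelled
# variant of this message need updating. Matching on the rule id is more robust.
SecRule RESOURCE:DISABLE_RESOURCE "@eq 1" \
    "id:'999601',\
    phase:1,\
    t:none,\
    redirect:http://172.27.203.81:8080/news/news/error.php,\
    msg:'Access to Resource Temporarily Denied Due to High Usage.'"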