View Single Post
  #1  
Old 3rd January 2012, 22:46
mario_antonio mario_antonio is offline
Junior Member
 
Join Date: Dec 2011
Posts: 7
Thanks: 0
Thanked 0 Times in 0 Posts
Default ISPconfig heart beat and Modsecurity

I am noticing (after digging around) that the crontab that ispconfig run every minute generates a get request every five minutes ...

These are the log entries:
127.0.0.1 - - [03/Jan/2012:14:25:01 -0500] "GET / HTTP/1.0" 403 389 "-" "-"
127.0.0.1 - - [03/Jan/2012:14:30:01 -0500] "GET / HTTP/1.0" 403 389 "-" "-"
127.0.0.1 - - [03/Jan/2012:14:35:01 -0500] "GET / HTTP/1.0" 403 389 "-" "-"
127.0.0.1 - - [03/Jan/2012:14:40:02 -0500] "GET / HTTP/1.0" 403 389 "-" "-"
127.0.0.1 - - [03/Jan/2012:14:45:01 -0500] "GET / HTTP/1.0" 403 389 "-" "-"

These requests are cluttering my Modsecurity logs:
Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_HEADERS. [file "/etc/apache2/modsecurity_rules/base_rules/modsecurity_crs_21_protocol_anomalies.conf"] [line "29"] [id "960008"] [rev "2.2.3"] [msg "Request Missing a Host Header"] [severity "NOTICE"] [tag "PROTOCOL_VIOLATION/MISSING_HEADER_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"]
Action: Intercepted (phase 2)

Is there a way to prevent Ispconfig from generating these type of requests ?

M.A.
Reply With Quote
Sponsored Links