Archived message #313 from the ecs-isp@2rosenthals.com List

From: "Massimo S." <ecs-isp@2rosenthals.com>
Subject: Re: [eCS-ISP] unwanted bots
Date: Mon, 19 Apr 2021 21:39:30 +0200
To: eCS ISP Mailing List <ecs-isp@2rosenthals.com>



On 19/04/2021 16:58, Steven Levine wrote:
In <list-1821020@2rosenthals.com>, on 04/19/21
    at 11:18 AM, "Massimo S." <ecs-isp@2rosenthals.com> said:

Hi Massimo,

thanks, but it seems it is not working

Why would you expect it to?

Ian, FWIW, Massimo is trying to do URL matching, which does allow
wildcards.

Massimo, that said, you are trying to match a URL to a User-Agent name
which is almost never going to work.

What you need to do is match on the bot name in the User-Agent header.

I recommend you start with a logging rule so you can see what the packet
actually contains.  Barring typos, you want:

Log-mj12_2-URLs
    Comment = "Log HTTP requests for MJ bot",
    Destination-Port = "80 443",
    Log-Control = Enabled,
    Log-Mask = "date time severity message rule source resolved_source prot packet_data",
    Log-Severity = Major,
    Hex-String = "<nocase>12bot",
    Depth = 200,
    Rule-Action = Log,
    Direction = Incoming

Once you understand the packet you want to match on, you can convert this
into a Deny Rule-Action, tuning the Depth and Log-Mask to optimize the
filter performance.

FWIW, if this were my problem, I would use an observe rule to blacklist
the source.

Massimo, is this really the logged URL:

   /referenze.html/.../referenze.html/

It does not look valid to me.  If you edited it, don't do that in the
future.  I am only willing to try so hard to help you.

Steven

yes, the string is much longer, I've added the points too :)

thanks

massimo
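
Added example, not part of the original thread and not firewall configuration syntax: a Python model of the rule discussed above, showing that the bot token lives in the User-Agent header rather than in the URL, and how a very long request path pushes that header past a 200-byte search window. It assumes Depth means "search only the first N payload bytes"; the requests, host name and User-Agent string are constructed samples.

```python
# Added illustration; models a "<nocase>" substring rule with a Depth limit.
# Assumption: Depth = N means only the first N payload bytes are searched.

def rule_matches(payload: bytes, needle: bytes, depth: int) -> bool:
    """Case-insensitive substring match inside the first `depth` bytes."""
    return needle.lower() in payload[:depth].lower()

def min_depth(payload: bytes, needle: bytes):
    """Smallest depth at which `needle` lies fully inside the window."""
    idx = payload.lower().find(needle.lower())
    return None if idx < 0 else idx + len(needle)

def split_request(payload: bytes):
    """Return (request_target, user_agent) of a plain HTTP/1.x request."""
    head = payload.split(b"\r\n\r\n", 1)[0].split(b"\r\n")
    target = head[0].split(b" ")[1]
    user_agent = b""
    for line in head[1:]:
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"user-agent":
            user_agent = value.strip()
    return target, user_agent

def build_request(path: str) -> bytes:
    # Constructed sample request; host and User-Agent are illustrative.
    return (f"GET {path} HTTP/1.1\r\n"
            "Host: www.example.com\r\n"
            "User-Agent: Mozilla/5.0 (compatible; MJ12bot/v1.4.8; "
            "http://example.invalid/bot)\r\n"
            "Accept: */*\r\n\r\n").encode("ascii")

NEEDLE = b"12bot"
SHORT = build_request("/referenze.html")
# A much longer path, in the spirit of the looping URL quoted in the thread.
LONG = build_request("/referenze.html" + "/referenze.html" * 20 + "/")

if __name__ == "__main__":
    for label, req in (("short path", SHORT), ("long path", LONG)):
        target, user_agent = split_request(req)
        print(label)
        print("  token in URL:        ", NEEDLE in target.lower())
        print("  token in User-Agent: ", NEEDLE in user_agent.lower())
        print("  matched at depth 200:", rule_matches(req, NEEDLE, 200))
        print("  depth needed:        ", min_depth(req, NEEDLE))
```

A payload match like this only sees the header on plain HTTP; on port 443 the request is TLS-encrypted unless it is decrypted before the filter.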

