Issue
How to change the time limits for the xml-rpc requests?
Environment
- Imunify360
Solution
1. Set the parameters in the configuration /etc/sysconfig/imunify360/imunify360.config as follows:
MOD_SEC_BLOCK_BY_CUSTOM_RULE:
"33339":
check_period: 60
max_incidents: 20
- 33339 is a rule which analyzes the xml-rpc queries
- the check_period parameter indicates a period in seconds during which an incident from the same IP will be recorded as a repeated
In addition, you can modify the CAPTCHA_DOS parameters to make the Captcha challenge more strict. You can decrease the max_count and increase the timeout – the attackers' IPs will be blocked quickly and for a longer period:
imunify360-agent config update '{"CAPTCHA_DOS": {"enabled": true, "max_count": 50, "time_frame": 21600, "timeout": 864000}}'
With such approach custom thresholds can be applied to other Imunify360 monitoring ModSec rules. However, please keep in mind that setting these parameters with a significant difference may affect the valid users.
Useful links
The description of the parametes is provided here: https://docs.imunify360.com/config_file_description/#config-file-description
Comments
0 comments
Please sign in to leave a comment.