Sample Log Output
Rule: 340145 fired (level 11) -> "Atomicorp.com WAF Rules: Attack Blocked - SQL injection probe "
[modsecurity] [client 155.155.55.5] [domain some.random.site] [403] [/apache/20220729/20220729-0200/20220729-020022-YuMxJn8AAAEAAA8sGPgAAAAC] [file "/etc/httpd/modsecurity.d/10_asl_rules.conf"] [line "285"] [id "340145"] [rev "43"] [msg "Atomicorp.com WAF Rules: Attack Blocked - SQL injection probe"] [data " 1=1"] [severity "CRITICAL"] [tag "SQLi"] Access denied with code 403 (phase 2). Match of "rx (?:/index\\.php/admin/catalog_category/save|(?:/admin/stats|/css/gallery-css)\\.php\\?1=1|/admin\\.php\\?tile=mail$|/catalog_category/save/key/|/\\?op=admin_settings|^/\\?openpage=|^/admin/extra|^/node/[0-9]+/edit\\?destination=admin/content|^/administ ..." against "REQUEST_URI" required.(null)Portion of the log(s):
Rule: 340145 fired (level 11) ->
Rule ID and Level of criticality
"Atomicorp.com WAF Rules: Attack Blocked - SQL injection probe "[modsecurity]
Type of attack blocked
[client 155.155.55.5]
IP address of the attacker
[domain some.random.site]
Domain targeted
[403] [/apache/20220729/20220729-0200/20220729-020022-YuMxJn8AAAEAAA8sGPgAAAAC]
The HTTP status code returned (403) and the path to the log of the attack
[file "/etc/httpd/modsecurity.d/10_asl_rules.conf"]
The path of the rule that was triggered
[line "285"]
The line where the rule is located in the file (/etc/httpd/modsecurity.d/10_asl_rules.conf)
[id "340145"]
The rule ID that was triggered
[rev "43"]
Revision of the rule
[msg "Atomicorp.com WAF Rules: Attack Blocked - SQL injection probe"] [data " 1=1"]
Type of attack, as described by the rule message, and the data logged with the match
[severity "CRITICAL"]
Criticality of attack
[tag "SQLi"] Access denied with code 403 (phase 2).
The rule's tag, and the error code that was given to the attacker (403) together with the processing phase in which access was denied
Match of "rx (?:/index\\.php/admin/catalog_category/save|(?:/admin/stats|/css/gallery-css)\\.php\\?1=1|/admin\\.php\\?tile=mail$|/catalog_category/save/key/|/\\?op=admin_settings|^/\\?openpage=|^/admin/extra|^/node/[0-9]+/edit\\?destination=admin/content|^/administ ..." against "REQUEST_URI" required.(null)Portion of the log(s):
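The rule condition that triggered the block: the operator (rx, a regular expression), its pattern, and the variable it was evaluated against (REQUEST_URI)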
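
Parsing the alert into fields
The field breakdown above can be applied programmatically. The following Python parser is an added example, not Atomicorp or ModSecurity code; the function name parse_alert and the output key names are assumptions, and the sample is the alert from this page with the long "Match of" pattern abbreviated.

```python
import re

# Sample alert from this page; the "Match of" regex is abbreviated for the example.
SAMPLE = (
    'Rule: 340145 fired (level 11) -> "Atomicorp.com WAF Rules: Attack Blocked - SQL injection probe "\n'
    '[modsecurity] [client 155.155.55.5] [domain some.random.site] [403] '
    '[/apache/20220729/20220729-0200/20220729-020022-YuMxJn8AAAEAAA8sGPgAAAAC] '
    '[file "/etc/httpd/modsecurity.d/10_asl_rules.conf"] [line "285"] [id "340145"] '
    '[rev "43"] [msg "Atomicorp.com WAF Rules: Attack Blocked - SQL injection probe"] '
    '[data " 1=1"] [severity "CRITICAL"] [tag "SQLi"] Access denied with code 403 (phase 2). '
    r'Match of "rx (?:/admin/stats|/css/gallery-css)\\.php\\?1=1 ..." against "REQUEST_URI" required.'
)

HEADER = re.compile(r'Rule: (\d+) fired \(level (\d+)\) -> "([^"]*)"')
BARE = re.compile(r'\[(client|domain) ([^\]\s]+)\]')        # [key value]
STATUS = re.compile(r'\[(\d{3})\] \[(/[^\]]+)\]')           # [403] [/path/to/log]
QUOTED = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')       # [key "value"], tolerates \" in value
ACTION = re.compile(r'Access denied with code (\d{3}) \(phase (\d)\)')
MATCH = re.compile(r'Match of "(\w+) (.*)" against "([^"]+)" required')

def parse_alert(text):
    """Return a dict of the fields found in one alert."""
    alert = {"tags": []}
    if (m := HEADER.search(text)):
        alert.update(rule_id=m[1], level=int(m[2]), description=m[3].strip())
    for key, value in BARE.findall(text):
        alert[key] = value
    if (m := STATUS.search(text)):
        alert.update(http_status=int(m[1]), log_path=m[2])
    for key, value in QUOTED.findall(text):
        if key == "tag":                 # a rule can carry several tags
            alert["tags"].append(value)
        else:
            alert[key] = value           # file, line, id, rev, msg, data, severity
    if (m := ACTION.search(text)):
        alert.update(denied_code=int(m[1]), phase=int(m[2]))
    if (m := MATCH.search(text)):
        alert.update(operator=m[1], pattern=m[2], variable=m[3])
    return alert

if __name__ == "__main__":
    for field, value in parse_alert(SAMPLE).items():
        print(f"{field:12} {value!r}")
```

The data value is derived from the request, so treat it as untrusted when forwarding parsed alerts to a dashboard or ticketing system.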