Overly Strict Mod_Security Rule
An overly strict mod_security rule was placed into action this morning, this resulted in blocking numerous legitimate website visitors, though for only a brief period of time. In fact, our own website uptime monitoring service was temporarily blocked from accessing the server, resulting in a perceived downtime of approximately 15 minutes. Effected were any user agents that contained the words “fetch” or “site.”
This rule has been put into ‘log only’ mode, so it may be better tuned and prevent further innocent casualties.
The good news is that there have been a few more rules put into action that appear to be working well to stop the influx of ‘attack spam.’ These rules are very specific and targeted toward problem areas. They should not effect legitimate users. If, by chance, you or your visitors receive 406 errors (standard mod_security error), 412 (targeted mod_security error), or 503 (IP connection limiting in effect) let us know.
The goal, as always, is to make security filtering invisible to the legitimate user.
