/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/util/honeypot-sensor
# # Add in honeypot ports. # - These are common proxy ports used by attackers # - All traffic accepted on these ports are suspicious. # Listen 8000 Listen 8080 Listen 8888 # # Create basic virtual host containers that will forward all traffic received # to the official ModSecurity Project honeypot logging host. # # - You should adjust the Document root location to an empty directory on your server # - Also adjust the path to your local ModSecurity mlogc program and for the # mlogc-honeypot-sensor.conf file. # - Make sure you main SecAuditLogType is set to concurrent mode. # <VirtualHost *:8000 *:8080 *:8888> ServerName www.example1.com DocumentRoot "/usr/local/apache/honeypot-htdocs" <Directory "/usr/local/apache/honeypot-htdocs"> Options none AllowOverride None Order allow,deny Allow from all </Directory> SecAuditEngine On SecAuditLog "|/usr/local/apache/bin/mlogc /usr/local/apache/conf/mlogc-honeypot-sensor.conf" </VirtualHost>
.
Edit
..
Edit
README.md
Edit
mlogc-honeypot-sensor.conf.example
Edit
modsecurity_crs_10_honeypot.conf.example
Edit