Hello everyone,
I have some questions and hope you can help:
1. We are publishing some web servers behind the firewall using the WAF. There are some "Forbidden" messages, and checking the Reverseproxy.log shows OWASP ModSecurity. As we can see only a simple message without any reason, we cannot understand whether it's a real problem or a false positive. So, how can we do it?
I mean, is there any way to check the exact reasons that Sophos refers to for blocking the traffic? In this way, we can probably solve the weakness in our web application, and in the case of a real false positive, it is possible to safely skip the Rule ID. At the moment, the developers ask for the exact problem so they can patch it, and we can't help!
2. The Reverseproxy.log is getting bigger and bigger every second as it receives success or error messages. I am looking for a way to save it off-box (in real time or with some delay). What do you advise?
3. The storage and analysis problem is the same for the firewall reports. The disk gets full very fast, and we are looking for a solution to store the complete and detailed reports about vulnerabilities, traffic, server usage, user activities, etc. off-box. Then we wouldn't have to worry about disk space and the report charts stopping. We could also archive the reports for forensics and analysis.
* It would be great if the solutions were based on free tools.
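As an added example (not from the original thread and not Sophos code), the following Python script pulls the detail out of the ModSecurity lines in a reverseproxy.log and groups the denials so that real attacks and false positives can be told apart. Everything in it is an assumption: the sample log lines are constructed in the `[key "value"]` shape ModSecurity writes into that log, the hostnames, IPs and unique IDs are made up, and the "false-positive candidate" verdict is a heuristic (the same rule tripping on the same parameter for several distinct clients), not a rule from the product.

```python
import re
from collections import defaultdict

# Constructed sample in the shape of ModSecurity messages found in a Sophos UTM
# reverseproxy.log. Assumption: the real log carries the same [key "value"] fields.
# Hosts, addresses, IDs and the one access-style line at the bottom are made up.
SAMPLE_LOG = r"""
2016:03:10-09:14:02 utm reverseproxy: [Thu Mar 10 09:14:02 2016] [error] [client 203.0.113.5] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\b(\d+)\s*=\s*\1\b)" at ARGS:q. [file "/usr/apache/conf/waf/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: 1=1 found within ARGS:q: ' or 1=1--"] [severity "CRITICAL"] [hostname "www.example.com"] [uri "/search"] [unique_id "VuEaCn8AAAEAABGcA0kAAAAA"]
2016:03:10-09:15:31 utm reverseproxy: [Thu Mar 10 09:15:31 2016] [error] [client 198.51.100.10] ModSecurity: Warning. Pattern match "(^'+|'+$)" at ARGS:comment. [file "/usr/apache/conf/waf/modsecurity_crs_41_sql_injection_attacks.conf"] [line "40"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:comment: it's fine"] [severity "CRITICAL"] [hostname "www.example.com"] [uri "/contact"] [unique_id "VuEaTn8AAAEAABGcA0oAAAAB"]
2016:03:10-09:16:05 utm reverseproxy: [Thu Mar 10 09:16:05 2016] [error] [client 198.51.100.10] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([~!@#$%^&*()\-+={}|:;'<>].*?){4,}" at ARGS:comment. [file "/usr/apache/conf/waf/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: , found within ARGS:comment: Hi, thanks! Call me at +1 (555) 010-0199, ok?"] [severity "WARNING"] [hostname "www.example.com"] [uri "/contact"] [unique_id "VuEaZn8AAAEAABGcA0sAAAAC"]
2016:03:10-09:16:05 utm reverseproxy: id="0299" srcip="198.51.100.10" localip="10.0.0.5" size="4310" user="-" host="198.51.100.10" method="POST" statuscode="403" reason="-" extra="-" time="12345" url="/contact" server="www.example.com" referer="-" cookie="-" set-cookie="-"
2016:03:10-09:17:48 utm reverseproxy: [Thu Mar 10 09:17:48 2016] [error] [client 198.51.100.11] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([~!@#$%^&*()\-+={}|:;'<>].*?){4,}" at ARGS:comment. [file "/usr/apache/conf/waf/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within ARGS:comment: Order #4471; invoice (copy) attached - thanks!"] [severity "WARNING"] [hostname "www.example.com"] [uri "/contact"] [unique_id "VuEbDn8AAAEAABGcA0wAAAAD"]
2016:03:10-09:18:20 utm reverseproxy: [Thu Mar 10 09:18:20 2016] [error] [client 198.51.100.12] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([~!@#$%^&*()\-+={}|:;'<>].*?){4,}" at ARGS:comment. [file "/usr/apache/conf/waf/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:comment: Ref: PO-1182 (urgent!) - please call: +44 20 7946 0000"] [severity "WARNING"] [hostname "www.example.com"] [uri "/contact"] [unique_id "VuEbPn8AAAEAABGcA00AAAAE"]
"""

# [key "value"] fields, with backslash-escaped quotes inside values allowed
FIELD_RE = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')
CLIENT_RE = re.compile(r'\[client ([^\]]+)\]')
DENIED_RE = re.compile(r'Access denied with code (\d+)')
# the variable the operator matched, e.g. "at ARGS:comment. [file" -> ARGS:comment
TARGET_RE = re.compile(r' at ([A-Za-z_]+(?::[^\s\[]+?)?)\. \[')
IPV4_PORT_RE = re.compile(r'^(\d+\.\d+\.\d+\.\d+):\d+$')  # Apache 2.4 appends :port


def parse_modsec_line(line):
    """Return a dict for one ModSecurity message, or None for any other log line."""
    if "ModSecurity:" not in line:
        return None
    msg_part = line.split("ModSecurity:", 1)[1]
    fields = dict(FIELD_RE.findall(msg_part))
    client = CLIENT_RE.search(line)
    client_ip = client.group(1) if client else "?"
    port_match = IPV4_PORT_RE.match(client_ip)
    if port_match:
        client_ip = port_match.group(1)
    denied = DENIED_RE.search(msg_part)
    target = TARGET_RE.search(msg_part)
    return {
        "client": client_ip,
        "action": "denied" if denied else "warning",
        "status": int(denied.group(1)) if denied else None,
        "target": target.group(1) if target else "?",
        "id": fields.get("id", "?"),            # the rule ID a WAF exception would skip
        "msg": fields.get("msg", ""),
        "data": fields.get("data", ""),         # the exact input that matched
        "uri": fields.get("uri", "?"),
        "severity": fields.get("severity", ""),
        "rule_file": fields.get("file", ""),
        "rule_line": fields.get("line", ""),
    }


def parse_log(text):
    """Parse every ModSecurity message in a reverseproxy.log dump; other lines are skipped."""
    return [ev for ev in (parse_modsec_line(l) for l in text.splitlines()) if ev]


def triage(events, min_clients=3):
    """Group denials by (rule id, uri, matched variable) with a heuristic verdict.

    The same rule tripping on the same parameter for several distinct clients is the
    usual signature of a false positive on legitimate input; anything else is
    'investigate', and the data samples show what to look at. Warnings are left out
    because they did not block anything."""
    groups = defaultdict(lambda: {"hits": 0, "clients": set(), "msg": "", "samples": []})
    for ev in events:
        if ev["action"] != "denied":
            continue
        g = groups[(ev["id"], ev["uri"], ev["target"])]
        g["hits"] += 1
        g["clients"].add(ev["client"])
        g["msg"] = ev["msg"]
        if len(g["samples"]) < 3:
            g["samples"].append(ev["data"])
    report = {}
    for key, g in groups.items():
        report[key] = {
            "hits": g["hits"],
            "clients": len(g["clients"]),
            "msg": g["msg"],
            "samples": g["samples"],
            "verdict": "false-positive candidate" if len(g["clients"]) >= min_clients else "investigate",
        }
    return report


if __name__ == "__main__":
    for (rule_id, uri, target), row in sorted(triage(parse_log(SAMPLE_LOG)).items()):
        print(f"rule {rule_id} on {uri} ({target}): {row['hits']} hit(s) from "
              f"{row['clients']} client(s) -> {row['verdict']}")
        print(f"  {row['msg']}")
        for sample in row["samples"]:
            print(f"  data: {sample}")
```

Only the ModSecurity lines carry this detail; the per-request access lines in the same log show the 403 but not the cause, so grep for `ModSecurity:` first. The `[id "..."]` value is the rule ID you would skip in a WAF exception, `[file "..."]` and `[line "..."]` point at the rule itself, and `[data "..."]` is the exact input that matched, which is what the developers need in order to decide whether the application has a weakness or the rule is simply too broad for that field. Because the script only needs a text copy of the log, it runs just as well against rotated or exported copies kept outside the appliance.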