trAvis - MANAGER

Edit File: modsecurity_crs_10_honeypot.conf

# # Add in honeypot ports. # - These are common proxy ports used by attackers # - All traffic accepted on these ports are suspicious. # Listen 8000 Listen 8080 Listen 8888 # # Create basic virtual host containers that will forward all traffic received # to the official ModSecurity Project honeypot logging host. # # - You should adjust the Document root location to an empty directory on your server # - Also adjust the path to your local ModSecurity mlogc program and for the # mlogc-honeypot-sensor.conf file. # - Make sure you main SecAuditLogType is set to concurrent mode. # <VirtualHost *:8000 *:8080 *:8888> ServerName www.example1.com DocumentRoot "/usr/local/apache/honeypot-htdocs" <Directory "/usr/local/apache/honeypot-htdocs"> Options none AllowOverride None Order allow,deny Allow from all </Directory> SecAuditEngine On SecAuditLog "|/usr/local/apache/bin/mlogc /usr/local/apache/conf/mlogc-honeypot-sensor.conf" </VirtualHost>