Rory Savage rorysavage77
🎯
rorysavage77
/ something.rb
Last active
August 29, 2015 14:18
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| modSecurityLog="./logs/modsec_audit.log" | |
| securityString1="POST /activfoundation/login/oauth/facebook/callback" | |
| securityString2="HTTP/1.1 400 Bad Request" | |
| detailString="CF-Connecting-IP:" | |
| modsecLogFile="./logs/modsec_audit.log" | |
| $/ = "-Z--\n"; ## Input Record Seperator to create chunk | |
| iparray = [] | |
| timeary = [] |
rorysavage77
/ gist:b5954e00090eec85cfdc
Created
March 31, 2015 18:34
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/ruby | |
| ################################################################## | |
| ## modruby - a tools for parsing the modsecurity audit logs and ## | |
| ## taking action. ## | |
| ################################################################## | |
| $modSecurityLog="./logs/modsec_audit.log" | |
| $securityString1="POST /activfoundation/login/oauth/facebook/callback" | |
| $securityString2="HTTP/1.1 400 Bad Request" |
rorysavage77
/ gist:6ff9eaf5716fe4edc52d
Created
March 31, 2015 18:29
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| chunk.each_line do |line| | |
| if line =~ /CF-Connecting-IP: (\d+.\d+.\d+.\d+)/ | |
| cfConntingIp = line.split("CF-Connecting-IP: ", 2) | |
| puts cfConntingIp | |
| end | |
| end |