Skip to content

Instantly share code, notes, and snippets.

🎯
Focusing

Rory Savage rorysavage77

🎯
Focusing
Block or report user

Report or block rorysavage77

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile
View something.rb
modSecurityLog="./logs/modsec_audit.log"
securityString1="POST /activfoundation/login/oauth/facebook/callback"
securityString2="HTTP/1.1 400 Bad Request"
detailString="CF-Connecting-IP:"
modsecLogFile="./logs/modsec_audit.log"
$/ = "-Z--\n"; ## Input Record Seperator to create chunk
iparray = []
timeary = []
View gist:b5954e00090eec85cfdc
#!/bin/ruby
##################################################################
## modruby - a tools for parsing the modsecurity audit logs and ##
## taking action. ##
##################################################################
$modSecurityLog="./logs/modsec_audit.log"
$securityString1="POST /activfoundation/login/oauth/facebook/callback"
$securityString2="HTTP/1.1 400 Bad Request"
View gist:6ff9eaf5716fe4edc52d
chunk.each_line do |line|
if line =~ /CF-Connecting-IP: (\d+.\d+.\d+.\d+)/
cfConntingIp = line.split("CF-Connecting-IP: ", 2)
puts cfConntingIp
end
end
You can’t perform that action at this time.