To verify that ModSecurity properly detects a brute-force attack
through the OpenStack Dashboard, find the appropriate alert messages
in the log files: /var/log/modsec_audit.log
and /var/log/apache2/horizon_error.log
.
For example:
Message: Access denied with code 403 (phase 2). Operator EQ matched 10 at IP:block.
[file "/etc/modsecurity/bruteforce.conf"] [line "38"] [id "00010"] [msg "Brute-force attack
detected - IP: 172.16.0.254 blocked for 10 min"]