Web server log analyzers are really meant to just show trends and statistics, and are more geared towards an SEO/marketing standpoint. How can I do the following in regards to HTTP(S) traffic from a security standpoint?

  1. Flag suspicious requests (such as common SQL injection techniques, /wp-admin type of activity, or X requests per Y time period)
  2. Filter for the activity of a particular IP so you can easily follow what the user did while visiting your site. (more to track their requests to see if the suspicious request from above was a coincidence or intentional)
  3. Option to filter out requests for image/css/js files.

What is the type of software called which does this? And what types of things should I Google/look into?

d.lanza38
  • I think you need to write your own. Write something that recognises the requests you expect to get, and then what's left is suspicious. Note that requests for e.g. `foo.php.jpeg` are very suspicious. – mc0e Dec 11 '15 at 16:25
  • The class of tools you're looking for is called 'web intrusion detection'. Google that. 'Web application firewall' is also relevant. – mc0e Dec 11 '15 at 16:27
  • Thank you @mc0e. I don't know if you can post an answer for me to accept due to this question being on hold. But if you can, I would accept it. I tried rewording the question so it is no longer on hold, but I don't know if EEAA just didn't get to it or if the change wasn't good enough. I would appreciate some feedback on my change. – d.lanza38 Dec 14 '15 at 13:32

0 Answers
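A small log-triage script covering the three requirements in the question plus the `foo.php.jpeg` case from the comments, as an added example that is not part of the original thread. It assumes Apache/nginx common or combined log format; the rule patterns, thresholds, function names and the sample log (documentation IP ranges) are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Prefix shared by the Apache/nginx common and combined access-log formats.
LINE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                  r'"(?P<method>\S+) (?P<url>\S+)[^"]*" (?P<status>\d{3})')
STATIC = re.compile(r'\.(?:png|jpe?g|gif|ico|css|js|svg|woff2?)(?:\?|$)', re.I)
SEP = r'(?:\s|\+|%20)+'  # whitespace as it appears in a logged URL
RULES = {  # illustrative signatures only; tune them to your own site
    "sqli": re.compile(rf"union{SEP}select|(?:'|%27){SEP}or{SEP}|information_schema", re.I),
    "cms-probe": re.compile(r"/(?:wp-admin|wp-login\.php|xmlrpc\.php)", re.I),
    "double-ext": re.compile(r"\.php\.(?:jpe?g|png|gif)(?:\?|$)", re.I),
}

def analyze(lines, max_req=20, window=timedelta(seconds=60)):
    """Return (flags, trail): rule hits per IP and request history per IP."""
    flags, trail, recent = defaultdict(set), defaultdict(list), defaultdict(deque)
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # not an access-log line
        ip, url = m["ip"], m["url"]
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        hits = {name for name, rx in RULES.items() if rx.search(url)}
        if STATIC.search(url) and not hits:
            continue  # drop image/css/js noise, but keep e.g. foo.php.jpeg
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:  # sliding window: X requests per Y time
            q.popleft()
        if len(q) > max_req:
            hits.add("rate")
        flags[ip] |= hits
        trail[ip].append((ts, m["method"], url, m["status"], sorted(hits)))
    return flags, trail

SAMPLE = """\
203.0.113.7 - - [11/Dec/2015:16:20:01 +0000] "GET /index.php HTTP/1.1" 200 5120
203.0.113.7 - - [11/Dec/2015:16:20:01 +0000] "GET /css/site.css HTTP/1.1" 200 900
203.0.113.7 - - [11/Dec/2015:16:20:05 +0000] "GET /item.php?id=1%27%20OR%201=1 HTTP/1.1" 500 120
203.0.113.7 - - [11/Dec/2015:16:20:09 +0000] "GET /wp-admin/ HTTP/1.1" 404 210
203.0.113.7 - - [11/Dec/2015:16:20:12 +0000] "GET /uploads/foo.php.jpeg HTTP/1.1" 404 210
198.51.100.4 - - [11/Dec/2015:16:21:00 +0000] "GET /about.html HTTP/1.1" 200 2048
""".splitlines()  # constructed sample, not real traffic

if __name__ == "__main__":
    flags, trail = analyze(SAMPLE, max_req=3, window=timedelta(seconds=15))
    for ip, hits in flags.items():
        print(ip, sorted(hits), [r[2] for r in trail[ip]])
```

`trail[ip]` is the per-visitor view asked for in item 2: every non-static request from that address in order, with the rules each one tripped.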