Im running jitsi-meet, nginx with ossec- IDS.
Doing a conference ossec is alarming:
OSSEC HIDS Notification.
2016 Jan 22 11:58:33
Received From: meet->/var/log/nginx/access.log
Rule: 31533 fired (level 10) -> "High amount of POST requests in a small
period of time (likely bot)."
Portion of the log(s):
10.100.100.12 - - [22/Jan/2016:11:58:33 +0100] "POST /http-bind?
room=dangerousbugsextinguishslyly HTTP/1.1" 200 119 "https://meet.domain.tld/
DangerousBugsExtinguishSlyly" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:
43.0) Gecko/20100101 Firefox/43.0"
and block the client.
Is this a normal behavior that there are amount of POST requests?