Folks:
 
I am contemplating this alternative in 1.9.x, since it is not possible to link user-defined actions and libraries. I am planning to use redirect as an action to URL which is a servlet to execute our program. How can I pass parameters to this servlet in querry string. Any hacks. In some cases we just have to execute a program, without any params.
 
What do you think ? I have championed mod-security in our evaluation appreciate your help in succeeding :)
 


Kim <kim.galieo@yahoo.com> wrote:
 
Any more info for this, my research was limited because of time constraints.


Kim <kim.galieo@yahoo.com> wrote:
 
It is the user who logged into web application. For example uname used in login.jsp of the web application. How would I track this in rules, that is which variable contains this uname for that http session. Does it make sense.
 
Is there a hack to chain input and output filters in 2.0, I looked at our API README, for programmable action. Will explore more. 
 
Thanks, 
 
 


Ivan Ristic <ivan.ristic@gmail.com> wrote:
On 6/23/06, Kim wrote:
> Currently I am using 1.x, Is 2.x stable ?

Not yet.


> I am very newbie, where would I get the uname of the web application (from
> which variable in the predefined variables provided in the mod_security)
> compare it with joedoe, who is allowed or not allowed access to particular
> URL form submission ?

I am not sure I understand. Which "uname" are we talking about? In 1.x
you can use the username obtained from HTTP authentication. In 2.x it
is possible to teach ModSecurity how to recognise which user is
logged-in into the application, so you could use that too.

--
Ivan Ristic, Technical Director
Thinking Stone, http://www.thinkingstone.com
ModSecurity: Open source Web Application Firewall

__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
mod-security-users mailing list
mod-security-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-users

__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com

__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com