Request: 18.104.22.168 - - [25/Oct/2005:11:39:02 --0500] "GET /study_abroad/TMPzad38oxcyx.htm HTTP/1.1" 403 232
GET /study_abroad/TMPzad38oxcyx.htm HTTP/1.1
Cookie: phpbb2mysql_data=a%3A2%3A%7Bs%3A11%3A%22autologinid%22%3Bs%3A0%3A%22%22%3Bs%3A6%3A%22userid%22%3Bs%3A1%3A%223%22%3B%7D; PHPSESSID=59ded4be35990378545d942f2a11c0f9
mod_security-message: Access denied with code 403. Pattern match "/tmp" at THE_REQUEST
HTTP/1.1 403 Forbidden
Could you help me?And Just for info i am trying to configure Macromedia Contribute.
Thanks a lot,
Naveen,Think of the mod_security directives (SecFilter|SecFilterSelective) as you would firewall rules in that the order in which they are specified in the httpd.conf file does matter. Again, like firewall rules, once a filter matches the incoming HTTP request it will trigger the actions specified. With this being said, if you want to "whitelist" an IP address to allow this client access, then add in a rule like this near the top of your Mod_Security directives -SecFilterSelective REMOTE_HOST "^192\.168\.1\.100$" allow,passAdd this just below the mod_security general directives (such as SecFilterEngine, etc....).That should do it.
Ryan C. Barnett
Web Application Security Consortium (WASC) Member
CIS Apache Benchmark Project Lead
SANS Instructor: Securing Apache
GCIA, GCFA, GCIH, GSNA, GCUX, GSEC
Author: Preventing Web Attacks with ApacheOn 10/25/05, Naveen Amradi <firstname.lastname@example.org > wrote:HI All,
Newbie of ModSecurity. I was wondering is there a way to
open up rules for certain ip addresses.
Thanks a gazillion!