I have attached my conf file. WOuld you please look at it. I have placed the rule right below the SecFilterEngine. In that case wont that rule be higher than other ones. Maybe i am sounding dumb. I am trying to read the book and understand slowly.
I would appreciate if you can look at the conf file.
Everyone on this list is so active helpful.
Thanks a lot,
On 10/25/05, Christopher Murley <firstname.lastname@example.org> wrote:
HI Naveen, your problem isn't with the IP rule you created. You error was:
mod_security-message: Access denied with code 403. Pattern match "/tmp" at
The request you sent:
GET /study_abroad/TMPzad38oxcyx.htm HTTP/1.1" 403 232
has /TMP (lowercased) /tmp in it. You must have another rule higher in
your chain thats disallowing URLS referencing /tmp.
Naveen Amradi said:
> HI Ryan,
> I appreciate your quick response and help.
> I am still not able to configure it properly.
> Just like u said i added
> SecFilterSelective REMOTE_HOST "^192\.168\.0\.94$" allow,pass
> I tried putting it right below the SecFilterEnging and other places too.
> And i am getting this error in the log file. Maybe i am missing something.
> UNIQUE_ID: xv7hbIJKVE8AAFQjVXYAAAAE
> Request: 22.214.171.124 <
http://126.96.36.199> - - [25/Oct/2005:11:39:02
> --0500] "GET /study_abroad/TMPzad38oxcyx.htm HTTP/1.1" 403 232
> Handler: server-parsed
> GET /study_abroad/TMPzad38oxcyx.htm HTTP/1.1
> User-Agent: Contribute
> Host: www.outreach.olemiss.edu <http://www.outreach.olemiss.edu/>
> mod_security-message: Access denied with code 403. Pattern match "/tmp" at
> mod_security-action: 403
> HTTP/1.1 403 Forbidden
> Content-Length: 232
> Could you help me?And Just for info i am trying to configure Macromedia
> Thanks a lot,
> On 10/25/05, Ryan Barnett <email@example.com> wrote:
>> Think of the mod_security directives (SecFilter|SecFilterSelective) as
>> would firewall rules in that the order in which they are specified in
>> httpd.conf file does matter. Again, like firewall rules, once a filter
>> matches the incoming HTTP request it will trigger the actions specified.
>> With this being said, if you want to "whitelist" an IP address to allow
>> client access, then add in a rule like this near the top of your
>> Mod_Security directives -
>> SecFilterSelective REMOTE_HOST "^192\.168\.1\.100$" allow,pass
>> Add this just below the mod_security general directives (such as
>> SecFilterEngine, etc....).
>> That should do it.
>> Ryan C. Barnett
>> Web Application Security Consortium (WASC) Member
>> CIS Apache Benchmark Project Lead
>> SANS Instructor: Securing Apache
>> GCIA, GCFA, GCIH, GSNA, GCUX, GSEC
>> Author: Preventing Web Attacks with Apache
>> On 10/25/05, Naveen Amradi <firstname.lastname@example.org> wrote:
>> > HI All,
>> > Newbie of ModSecurity. I was wondering is there a way to
>> > open up rules for certain ip addresses.
>> > Thanks a gazillion!
>> > Naveen