On Wed, Aug 7, 2013 at 1:47 AM, Jean-Francois Chevrette <jf.cron0@gmail.com> wrote:

<LocationMatch ".*admin\.php$">

SecAction "initcol:ip=%{REMOTE_ADDR},id:999400,pass,nolog"
SecRule REQUEST_LINE "^get .*/admin\.php" "t:lowercase,setvar:ip.get_on_admin=1,expirevar:ip.get_on_admin=1800,id:999402"

SecRule REQUEST_LINE "^post .*/admin\.php" "t:lowercase,redirect:http://google.com/,status:303,chain,id:999403"
SecRule REQUEST_HEADERS:Referer "/admin\.php$" "chain"
SecRule IP:GET_ON_ADMIN "!@eq 1"

</LocationMatch>


What's wrong with it? Any suggestions on how this could be achieved?


Hi Jean-Francois,

Try changing the last part of rule 999403 to check for the existence of the GET_ON_ADMIN flag instead, i.e.:

SecRule &IP:GET_ON_ADMIN "!@eq 1"

--
 - Josh


 

Thanks!
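
Added example, not part of the original thread and not ModSecurity code: a simplified Python model of the last link of rule 999403, showing why IP:GET_ON_ADMIN "!@eq 1" never fires while &IP:GET_ON_ADMIN "!@eq 1" does. It assumes ModSecurity 2.x target expansion, where a variable that does not exist yields no target and the operator is never run; the class and function names and the traffic are constructed for illustration.

```python
# Simplified model (not ModSecurity code) of the last link of rule 999403.
TTL = 1800  # expirevar:ip.get_on_admin=1800 from rule 999402


class IpCollection:
    """Per-address persistent collection holding expiring variables."""

    def __init__(self):
        self._vars = {}  # name -> (value, expiry time)

    def setvar(self, name, value, now, ttl):
        self._vars[name] = (value, now + ttl)

    def targets(self, name, now, count=False):
        """IP:NAME yields the value only if the variable is present;
        &IP:NAME always yields one target: the number of matches."""
        entry = self._vars.get(name)
        live = [entry[0]] if entry and now < entry[1] else []
        return [len(live)] if count else live


def not_eq_1(targets):
    """'!@eq 1' runs once per target; with zero targets it never runs,
    so the rule cannot match."""
    return any(int(t) != 1 for t in targets)


def replay(events, count):
    """events: (time, method) pairs from one client address.
    Returns, per POST, whether the redirect in rule 999403 would fire.
    The earlier chain links (request line, Referer) are assumed matched."""
    col, fired = IpCollection(), []
    for now, method in events:
        if method == "GET":
            col.setvar("get_on_admin", 1, now, TTL)  # rule 999402
        else:
            fired.append(not_eq_1(col.targets("get_on_admin", now, count)))
    return fired


# Constructed traffic: POST with no prior GET, GET, POST, POST after expiry.
EVENTS = [(0, "POST"), (10, "GET"), (20, "POST"), (10 + TTL + 1, "POST")]

if __name__ == "__main__":
    print("IP:GET_ON_ADMIN  ->", replay(EVENTS, count=False))
    print("&IP:GET_ON_ADMIN ->", replay(EVENTS, count=True))
```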
