OK, well then you should be able to place a new filter at the top of your rules file to tell mod_security to allow all requests from that specific IP by changing the default action to "allow" -
 
SecFilterSelective REMOTE_ADDR 192.168.1.100 allow
 
See the user manual (pg. 21) - http://www.modsecurity.org/documentation/modsecurity-manual.pdf
 
-Ryan

 
On 8/30/05, Achim Hoffmann <kirke11@securenet.de> wrote:
my goal is to have mod_security active all the time (SecFilterEngine On), but
not active for a specific IP.
I'm asking for a simple general switch like  "SecFilterEngine Off"  but just for
an IP. I want to have all rules disabled for that IP while still active for all
others ('cause it is a live server).

Does this better describe what I need?


Ryan Barnett wrote on 30.08.2005 16:30:
> Not sure if I am missing what you are trying to test, however based on
> your first sentence, you should just be able to set SecFilterEngine
> Off.  If you only want to disable the tests for specific
> SecFilterSelective REMOTE_ADDR XXX.XXX.XXX.XXX rules, you may be out of
> luck.

>The SecFilterEngine directive is an all or nothing setting.

That's how I understand it and why I'm asking here ;-)


>
> --
> Ryan C. Barnett
> Web Application Security Consortium (WASC) Member
> CIS Apache Benchmark Project Lead
> SANS Instructor: Securing Apache
> GCIA, GCFA, GCIH, GSNA, GCUX, GSEC
>
>
> On 8/30/05, *Achim Hoffmann* <kirke11@securenet.de> wrote:
>
>     for testing a live platform I need to disable mod_security.
>     I know that SecFilterSelective can be triggered on REMOTE_ADDR, but
>     I'm unsure if it can be used to disable *all* tests for a specific IP
>     without changing all rules from SecFilter to SecFilterSelective.
>
>     Does someone have an example to achieve this?
>
>     Thanks
>     Achim
>
>
>     -------------------------------------------------------
>     SF.Net email is Sponsored by the Better Software Conference & EXPO
>     September 19-22, 2005 * San Francisco, CA * Development Lifecycle
>     Practices
>     Agile & Plan-Driven Development * Managing Projects & Teams *
>     Testing & QA
>     Security * Process Improvement & Measurement *
>     http://www.sqe.com/bsce5sf
>     _______________________________________________
>     mod-security-users mailing list
>     mod-security-users@lists.sourceforge.net
>     <mailto:mod-security-users@lists.sourceforge.net>
>     https://lists.sourceforge.net/lists/listinfo/mod-security-users
>
>
>
>


--
Ryan C. Barnett
Web Application Security Consortium (WASC) Member
CIS Apache Benchmark Project Lead
SANS Instructor: Securing Apache
GCIA, GCFA, GCIH, GSNA, GCUX, GSEC
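
An added example, not part of the original thread: SecFilterSelective treats its operand as a regular expression searched anywhere in REMOTE_ADDR, so a bare address used in an allow rule can match more hosts than intended. The sketch below audits a pattern against a range and builds an exact-match operand; it goes beyond the single address in the thread, the function names are hypothetical, 192.168.1.10 and the /24 are constructed test values, and Python's `re` is assumed to behave like the server's regex engine for these simple patterns.

```python
import ipaddress
import re


def matched_hosts(pattern, network):
    """List every address in `network` that the rule operand would match.

    Assumption: Python's re.search() stands in for the regex engine behind
    SecFilterSelective, which searches the pattern anywhere in REMOTE_ADDR.
    """
    rx = re.compile(pattern)
    return [str(ip) for ip in ipaddress.ip_network(network) if rx.search(str(ip))]


def anchored(ip):
    """Exact-match pattern for one IPv4 address: escaped dots, ^ and $."""
    return "^" + re.escape(str(ipaddress.IPv4Address(ip))) + "$"


def allow_rule(ip):
    """Render the allow rule from the thread with an exact-match operand."""
    return 'SecFilterSelective REMOTE_ADDR "%s" allow' % anchored(ip)


def audit(pattern, intended, network):
    """Return the addresses besides `intended` that the pattern lets through."""
    return [h for h in matched_hosts(pattern, network) if h != intended]


if __name__ == "__main__":
    net = "192.168.1.0/24"  # constructed test range
    # The address from the thread: the bare form matches only itself here.
    print(audit("192.168.1.100", "192.168.1.100", net))
    # Constructed shorter address: the bare form also admits .100 to .109.
    print(audit("192.168.1.10", "192.168.1.10", net))
    # The anchored operand admits nothing beyond the intended host.
    print(audit(anchored("192.168.1.10"), "192.168.1.10", net))
    print(allow_rule("192.168.1.100"))
```

Because an allow rule at the top of the file skips every later filter for matching clients, the audit is worth running on any address whose last octet is a prefix of other octets.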