Re: [mod-security-users] IP Wildcard usage
Brought to you by:
victorhora,
zimmerletw
From: Avi A. <av...@br...> - 2008-08-26 21:09:50
|
All your examples should work, except for the second. What exactly isn't working for you? Note that in order to deny a request you will need to turn the engine from DetectionOnly to On. Try and log the rules first, to see if they work. Use this: SecRule REMOTE_ADDR "@beginsWith 60.6.203" "phase:1,log,deny,status:501" All the above applies also to your other post. HTH, Avi ________________________________ From: mod...@li... [mailto:mod...@li...] On Behalf Of entracity inc Sent: Tuesday, August 26, 2008 11:48 PM To: mod...@li... Subject: [mod-security-users] IP Wildcard usage I'm having a lot of trouble trying to get wildcards to work with REMOTE_ADDR - for example each of the following seem to fail: SecRule REMOTE_ADDR "@beginsWith 60.6.203" "nolog,deny,status:501,ctl:auditEngine=Off" SecRule REMOTE_ADDR "@beginsWith 60\.6\.203" "nolog,deny,status:501,ctl:auditEngine=Off" SecRule REMOTE_ADDR "^60\.6\.203\.*" "nolog,deny,status:501,ctl:auditEngine=Off" SecRule REMOTE_ADDR "^60\.6\.203\.*$" "nolog,deny,status:501,ctl:auditEngine=Off" Any help is appreciated. |