[mod-security-users] Complex (chained) Whitelist
From: Joel H. <jo...@pl...> - 2009-09-23 22:36:57
I'm trying to set up mod_security so that when a request comes in from the LVS host, and it is for the /lvs.txt URI, it will be allowed through without logging. I came up with this:

SecRule REQUEST_URI "^/lvs.txt" chain,phase:1,nolog,allow,ctl:ruleEngine=Off,ctl:auditEngine=Off
SecRule REMOTE_ADDR "^192\.168\.12\.211$"

Unfortunately chain doesn't seem to work as I expect, and if _anyone_ requests lvs.txt then they are allowed through. I tried switching it around so the IP address match was first and this meant that any request from the LVS host was accepted.

Could someone please explain why chain isn't working as my reading of the docs says it should, e.g. the nolog,allow should only be applied if both conditions are matched?

Thanks
Joel
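
An added example, not part of the original post: in ModSecurity 2.x chains, only the disruptive and flow actions on the chain starter wait for the whole chain to match, while non-disruptive actions such as ctl run as soon as the rule that carries them matches. The sketch below moves the ctl actions to the last rule of the chain; the tightened URI pattern is an assumption that the LVS check requests /lvs.txt with no query string.

```apache
# As posted: both ctl actions sit on the chain starter. ctl is non-disruptive,
# so ctl:ruleEngine=Off runs as soon as REQUEST_URI matches, before
# REMOTE_ADDR is evaluated. With the rule order swapped, the same thing
# happens for every request from the LVS address.
#
#   SecRule REQUEST_URI "^/lvs.txt" chain,phase:1,nolog,allow,ctl:ruleEngine=Off,ctl:auditEngine=Off
#   SecRule REMOTE_ADDR "^192\.168\.12\.211$"

# Reworked: phase, nolog and the disruptive action (allow) stay on the starter,
# where they apply only if the whole chain matches. The ctl actions move to
# the last rule, so they run only after both conditions have matched.
# The dot is escaped and the pattern end-anchored (assumption: no query string),
# so URIs such as /lvsXtxt or /lvs.txt.bak do not qualify.
SecRule REQUEST_URI "^/lvs\.txt$" "chain,phase:1,nolog,allow"
SecRule REMOTE_ADDR "^192\.168\.12\.211$" "ctl:ruleEngine=Off,ctl:auditEngine=Off"
```

A quick check is to request /lvs.txt from an address other than 192.168.12.211 and confirm the request still reaches the remaining rules and the audit log.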