Re: [mod-security-users] Block access to web-app based on source IP
Brought to you by:
victorhora,
zimmerletw
From: Ryan B. <rya...@br...> - 2010-01-13 17:30:07
|
On Wednesday 13 January 2010 12:02:09 pm Clayton Dillard wrote: > We have JBoss web application that is front-ended with Apache and we > want to only allow access to /path-to-app/start-page for our internal IP > ranges. We've tried using the Apache <Directory> and <LocationMatch> > and <Location> directives with allow and deny but I think since this is > actually a Jboss app, it's not working as intended. > > Can ModSecurity be setup to allow access to /path-to-app/start-page > based on source IP? If so, can someone offer some pointers on how we > would do that, or references to the docs that talk about how? > > Thanks! > CTD > Try this - SecRule REQUEST_URI "@streq /path-to-app/start-page" "chain,phase:1,t:none,log,block,msg:'External IP Address Access Attempt.'" SecRule REMOTE_ADDR "!^10\.10\.10\.1$" You will need to update the IP address ranges appropriately. -Ryan |