Re: [mod-security-users] Issues with "SecRuleUpdateTargetByTag" and Apache-Location
From: Jose P. V. L. <pab...@gm...> - 2013-10-31 09:24:06
Hi again.

In this link (http://sourceforge.net/mailarchive/message.php?msg_id=31395454) that directive is used as follows:

SecRule REQUEST_URI "/login.pl" "phase:1,t:none,pass, \
    id:613,nolog,ctl:ruleRemoveTargetByTag=WEB_ATTACK/SQL_INJECTION;ARGS:password"

As with a normal firewall, it seems mod_security needs rule enabling before the general rule disabling (in a normal firewall, top firewall rules enable services while bottom rules deny all access).

I hope this can help you.

Kind regards,

2013/10/30 Josh Amishav-Zlatin <ja...@ow...>

> On Wed, Oct 30, 2013 at 3:57 PM, Jan Phillip Greimann <jg...@so...> wrote:
>
>> Hi Josh,
>>
>> I've got a second problem:
>>
>> SecRule REQUEST_FILENAME "^/../login$"
>> "phase:1,id:1005,t:none,nolog,pass,ctl:ruleRemoveTargetByTag=OWASP_CRS/(WEB_ATTACK/(SQL_INJECTION|XSS|LDAP_INJECTION)|PROTOCOL_VIOLATION/EVASION);ARGS:login[password]"
>>
>
> Hi Jan,
>
> As a workaround perhaps tweak the regex to bypass the problematic
> characters, e.g.:
>
> SecRule REQUEST_FILENAME "^/../login$"
> "phase:1,id:1005,t:none,nolog,pass,ctl:ruleRemoveTargetByTag=OWASP_CRS.*WEB_ATTACK.*SQL_INJECTION.XSS.LDAP_INJECTION.*PROTOCOL_VIOLATION.*EVASION.*;ARGS:login[password]"
>
> --
> - Josh
>
>> is one of my rules. In my logic it should work, but I get the following
>> error:
>>
>> Syntax error on line 23 of
>> /etc/modsecurity/modsecurity_crs_15_pre_custom.conf:
>> Error parsing actions: ModSecurity: Invalid regular expression
>> "OWASP_CRS/(WEB_ATTACK/(SQL_INJECTION"
>> Action 'configtest' failed.
>> The Apache error log may have more information.
>> failed!
>>
>> Where is the problem, in my opinion it's right. :-/
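
Another way to write the exclusion discussed in this thread, as an added example that is not from any of the posters or from the ModSecurity project: one ctl:ruleRemoveTargetByTag action per tag, so the action string contains no grouping or alternation. It assumes the parse failure comes from the "(" and "|" characters, which is where the quoted error message cuts the expression off; the rule id, path pattern, tags and target are the ones posted above.

```apache
# Added example (assumption: "(" and "|" inside the ctl value are what the
# action parser rejects). Each tag gets its own ctl action, so every tag
# expression is a plain literal and only ARGS:login[password] is excluded
# for the four rule groups named in the original rule.
SecRule REQUEST_FILENAME "^/../login$" \
    "phase:1,id:1005,t:none,nolog,pass,\
    ctl:ruleRemoveTargetByTag=OWASP_CRS/WEB_ATTACK/SQL_INJECTION;ARGS:login[password],\
    ctl:ruleRemoveTargetByTag=OWASP_CRS/WEB_ATTACK/XSS;ARGS:login[password],\
    ctl:ruleRemoveTargetByTag=OWASP_CRS/WEB_ATTACK/LDAP_INJECTION;ARGS:login[password],\
    ctl:ruleRemoveTargetByTag=OWASP_CRS/PROTOCOL_VIOLATION/EVASION;ARGS:login[password]"
```

Because each expression names one tag, the exclusion stays limited to those rule groups and that single parameter; re-run the configtest after editing to confirm the actions parse.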