Re: [mod-security-users] Filter Rules by IP Address
Brought to you by:
victorhora,
zimmerletw
From: Naveen A. <na...@gm...> - 2005-10-25 16:47:09
|
HI Ryan, I appreciate your quick response and help. I am still not able to configure it properly. Just like u said i added SecFilterSelective REMOTE_HOST "^192\.168\.0\.94$" allow,pass I tried putting it right below the SecFilterEnging and other places too. And i am getting this error in the log file. Maybe i am missing something. UNIQUE_ID: xv7hbIJKVE8AAFQjVXYAAAAE Request: 196.168.0.94 <http://196.168.0.94> - - [25/Oct/2005:11:39:02 --0500] "GET /study_abroad/TMPzad38oxcyx.htm HTTP/1.1" 403 232 Handler: server-parsed ---------------------------------------- GET /study_abroad/TMPzad38oxcyx.htm HTTP/1.1 User-Agent: Contribute Host: www.outreach.olemiss.edu <http://www.outreach.olemiss.edu/> Cookie: phpbb2mysql_data=3Da%3A2%3A%7Bs%3A11%3A%22autologinid%22%3Bs%3A0%3A%22%22%3= Bs%3A6%3A%22userid%22%3Bs%3A1%3A%223%22%3B%7D; PHPSESSID=3D59ded4be35990378545d942f2a11c0f9 mod_security-message: Access denied with code 403. Pattern match "/tmp" at THE_REQUEST mod_security-action: 403 HTTP/1.1 403 Forbidden Content-Length: 232 Could you help me?And Just for info i am trying to configure Macromedia Contribute. Thanks a lot, naveen On 10/25/05, Ryan Barnett <rcb...@gm...> wrote: > > Naveen, > Think of the mod_security directives (SecFilter|SecFilterSelective) as yo= u > would firewall rules in that the order in which they are specified in the > httpd.conf file does matter. Again, like firewall rules, once a filter > matches the incoming HTTP request it will trigger the actions specified. > With this being said, if you want to "whitelist" an IP address to allow t= his > client access, then add in a rule like this near the top of your > Mod_Security directives - > SecFilterSelective REMOTE_HOST "^192\.168\.1\.100$" allow,pass > Add this just below the mod_security general directives (such as > SecFilterEngine, etc....). > That should do it. > > -- > Ryan C. Barnett > Web Application Security Consortium (WASC) Member > CIS Apache Benchmark Project Lead > SANS Instructor: Securing Apache > GCIA, GCFA, GCIH, GSNA, GCUX, GSEC > Author: Preventing Web Attacks with Apache > On 10/25/05, Naveen Amradi <na...@gm...> wrote: > > > > HI All, > > > > Newbie of ModSecurity. I was wondering is there a way to > > open up rules for certain ip addresses. > > > > Thanks a gazillion! > > Naveen > > > > > |