Re: [mod-security-users] Filter Rules by IP Address
Brought to you by:
victorhora,
zimmerletw
From: Christopher M. <mu...@to...> - 2005-10-25 16:53:53
|
HI Naveen, your problem isn't with the IP rule you created. You error was: mod_security-message: Access denied with code 403. Pattern match "/tmp" at THE_REQUEST The request you sent: GET /study_abroad/TMPzad38oxcyx.htm HTTP/1.1" 403 232 has /TMP (lowercased) /tmp in it. You must have another rule higher in your chain thats disallowing URLS referencing /tmp. -- Regards, -Chris _______________________________________________ Christopher Murley Network Administrator TownNews.Com 800.293.9576 Naveen Amradi said: > HI Ryan, > I appreciate your quick response and help. > I am still not able to configure it properly. > Just like u said i added > > SecFilterSelective REMOTE_HOST "^192\.168\.0\.94$" allow,pass > I tried putting it right below the SecFilterEnging and other places too. > And i am getting this error in the log file. Maybe i am missing something. > > UNIQUE_ID: xv7hbIJKVE8AAFQjVXYAAAAE > Request: 196.168.0.94 <http://196.168.0.94> - - [25/Oct/2005:11:39:02 > --0500] "GET /study_abroad/TMPzad38oxcyx.htm HTTP/1.1" 403 232 > Handler: server-parsed > ---------------------------------------- > GET /study_abroad/TMPzad38oxcyx.htm HTTP/1.1 > User-Agent: Contribute > Host: www.outreach.olemiss.edu <http://www.outreach.olemiss.edu/> > Cookie: > phpbb2mysql_data=a%3A2%3A%7Bs%3A11%3A%22autologinid%22%3Bs%3A0%3A%22%22%3Bs%3A6%3A%22userid%22%3Bs%3A1%3A%223%22%3B%7D; > PHPSESSID=59ded4be35990378545d942f2a11c0f9 > mod_security-message: Access denied with code 403. Pattern match "/tmp" at > THE_REQUEST > mod_security-action: 403 > > HTTP/1.1 403 Forbidden > Content-Length: 232 > > Could you help me?And Just for info i am trying to configure Macromedia > Contribute. > > Thanks a lot, > > naveen > > On 10/25/05, Ryan Barnett <rcb...@gm...> wrote: >> >> Naveen, >> Think of the mod_security directives (SecFilter|SecFilterSelective) as >> you >> would firewall rules in that the order in which they are specified in >> the >> httpd.conf file does matter. Again, like firewall rules, once a filter >> matches the incoming HTTP request it will trigger the actions specified. >> With this being said, if you want to "whitelist" an IP address to allow >> this >> client access, then add in a rule like this near the top of your >> Mod_Security directives - >> SecFilterSelective REMOTE_HOST "^192\.168\.1\.100$" allow,pass >> Add this just below the mod_security general directives (such as >> SecFilterEngine, etc....). >> That should do it. >> >> -- >> Ryan C. Barnett >> Web Application Security Consortium (WASC) Member >> CIS Apache Benchmark Project Lead >> SANS Instructor: Securing Apache >> GCIA, GCFA, GCIH, GSNA, GCUX, GSEC >> Author: Preventing Web Attacks with Apache >> On 10/25/05, Naveen Amradi <na...@gm...> wrote: >> > >> > HI All, >> > >> > Newbie of ModSecurity. I was wondering is there a way to >> > open up rules for certain ip addresses. >> > >> > Thanks a gazillion! >> > Naveen >> >> >> >> >> > |