Re: [mod-security-users] Fwd: Re: filtering based on uname
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [mod-security-users] Fwd: Re: filtering based on uname
|
From: Kim <kim...@ya...> - 2006-07-23 09:27:37
|
One more request, we need programmable actions in 1.9.x. Is it possible to cut/paste from 2.x code into 1.9.x. We are considering a WAF, mod-security along with commercials ones.
Kim <kim...@ya...> wrote:
Any more info for this, my research was limited because of time constraints.
Kim <kim...@ya...> wrote:
It is the user who logged into web application. For example uname used in login.jsp of the web application. How would I track this in rules, that is which variable contains this uname for that http session. Does it make sense.
Is there a hack to chain input and output filters in 2.0, I looked at our API README, for programmable action. Will explore more.
Thanks,
Ivan Ristic <iva...@gm...> wrote:
On 6/23/06, Kim wrote:
> Currently I am using 1.x, Is 2.x stable ?
Not yet.
> I am very newbie, where would I get the uname of the web application (from
> which variable in the predefined variables provided in the mod_security)
> compare it with joedoe, who is allowed or not allowed access to particular
> URL form submission ?
I am not sure I understand. Which "uname" are we talking about? In 1.x
you can use the username obtained from HTTP authentication. In 2.x it
is possible to teach ModSecurity how to recognise which user is
logged-in into the application, so you could use that too.
--
Ivan Ristic, Technical Director
Thinking Stone, http://www.thinkingstone.com
ModSecurity: Open source Web Application Firewall
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
mod-security-users mailing list
mod...@li...
https://lists.sourceforge.net/lists/listinfo/mod-security-users
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
---------------------------------
Want to be your own boss? Learn how on Yahoo! Small Business. |