Re: [mod-security-users] Fwd: Re: filtering based on uname
Brought to you by:
victorhora,
zimmerletw
From: Kim <kim...@ya...> - 2006-07-23 09:27:37
|
One more request, we need programmable actions in 1.9.x. Is it possible to cut/paste from 2.x code into 1.9.x. We are considering a WAF, mod-security along with commercials ones. Kim <kim...@ya...> wrote: Any more info for this, my research was limited because of time constraints. Kim <kim...@ya...> wrote: It is the user who logged into web application. For example uname used in login.jsp of the web application. How would I track this in rules, that is which variable contains this uname for that http session. Does it make sense. Is there a hack to chain input and output filters in 2.0, I looked at our API README, for programmable action. Will explore more. Thanks, Ivan Ristic <iva...@gm...> wrote: On 6/23/06, Kim wrote: > Currently I am using 1.x, Is 2.x stable ? Not yet. > I am very newbie, where would I get the uname of the web application (from > which variable in the predefined variables provided in the mod_security) > compare it with joedoe, who is allowed or not allowed access to particular > URL form submission ? I am not sure I understand. Which "uname" are we talking about? In 1.x you can use the username obtained from HTTP authentication. In 2.x it is possible to teach ModSecurity how to recognise which user is logged-in into the application, so you could use that too. -- Ivan Ristic, Technical Director Thinking Stone, http://www.thinkingstone.com ModSecurity: Open source Web Application Firewall __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 _______________________________________________ mod-security-users mailing list mod...@li... https://lists.sourceforge.net/lists/listinfo/mod-security-users __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com --------------------------------- Want to be your own boss? Learn how on Yahoo! Small Business. |