Thread: [mod-security-users] Question
From: Steve <ste...@gm...> - 2008-10-20 08:11:22
Hello all

I have a site where I want to do something specific and I am not sure if I can do it with mod_security. Allow me quickly to make an overview:

- I want 4 IP addresses and/or a certain domain to be redirected to a certain page at least every 24 hours
- The main URL for the page is www.domain.tld
- The redirect is a page on www.tomain.tld (aka: www.domain.tld/some-special-page)
- On the redirected page, I set a cookie which is only valid till the next day at 6am

I tried to do that with the following instructions:
-------
SecRule REQUEST_HEADERS:Host "^(www\.)?domain\.tld$" "phase:1,chain,log,redirect:http://www.domain.tld/some-special-page"
SecRule REMOTE_ADDR "^123\.456\.78[123]\.9[456]$" "chain"
SecRule REQUEST_URI "!^/?some\-special\-page$" "chain,t:none,t:lowercase,t:normalisePath"
SecRule &REQUEST_COOKIES_NAMES:my_cookie "@eq 0"
-------

But this does not work. I get either an infinite loop or I get the subpage but with some missing files (like no CSS allocated, etc).

I am lost! Don't know how to manage my needs with mod_security. I basically just want to display the special page at least every 24 hours. Regardless of the request the user from certain IP addresses has issued in the first place.

How to do that with mod_security?

btw: Using mod_security v2.5.7.

// Steve
From: Morgan <mo...@nm...> - 2010-08-09 10:03:59
Hi All.

Tell me how to configure mod_security to struggle with such rubbish?
Example:

77.35.55.137 - - [09/Aug/2010:12:27:39 +0400] "F\xfd'\xfb\xf6}\xa6O\x16\x9f\xc0\x8f\x06i\xb2\x0exxj#" 200 6946
91.195.210.2 - - [09/Aug/2010:12:31:52 +0400] "\xd0\xa4\xc6\x99\x1e\xa0.!{\x80%(\x84\xb9NUz\x94\x19j\x85\xb9" 400 226
95.56.63.132 - - [09/Aug/2010:12:37:22 +0400] "\xc27\x1f\x1e\xd9\x88c0y(\x92\xa5[\xbd\x05\xfc\x9e:" 200 6946

--
Morgan mailto:mo...@nm...
From: Jamuse <ja...@gm...> - 2010-08-09 11:59:23
On Mon, Aug 9, 2010 at 12:34 PM, Morgan <mo...@nm...> wrote:

> Hi All.
>
> Tell me how to configure mod_security to struggle with such rubbish?
> Example:

Hi Morgan,

Can you check the REQUEST_METHOD variable for a valid HTTP method?

- Josh

> 77.35.55.137 - - [09/Aug/2010:12:27:39 +0400] "F\xfd'\xfb\xf6}\xa6O\x16\x9f\xc0\x8f\x06i\xb2\x0exxj#" 200 6946
> 91.195.210.2 - - [09/Aug/2010:12:31:52 +0400] "\xd0\xa4\xc6\x99\x1e\xa0.!{\x80%(\x84\xb9NUz\x94\x19j\x85\xb9" 400 226
> 95.56.63.132 - - [09/Aug/2010:12:37:22 +0400] "\xc27\x1f\x1e\xd9\x88c0y(\x92\xa5[\xbd\x05\xfc\x9e:" 200 6946
>
> --
> Morgan mailto:mo...@nm...
From: Jamuse <ja...@gm...> - 2010-08-09 12:25:46
2010/8/9 Morgan <mo...@nm...>

> Jamuse.
>
> How to do this under the apache win 32 + php? I'm just beginning to
> comprehend the science ...

Hi Morgan,

Something like the following should force all requests to use the GET, HEAD or POST HTTP methods. You may need to add / subtract methods based on your application's needs.

SecRule REQUEST_METHOD "!^(GET|HEAD|POST)$" "phase:1,t:none,deny"

--
- Josh
From: MARTIN, J. (ATTSI) <JM...@at...> - 2010-08-09 15:45:28
Could that be someone attempting to connect via ssl on a non-ssl port? Also, it is odd that the webserver returned 200 for those requests.

-Jason Martin
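A triage sketch for the access-log lines discussed above, added here as an example (not code from any poster in the thread): it undoes Apache's `\xhh` log escaping, applies the same GET/HEAD/POST allow-list as the SecRule, and tests the SSL-on-a-plain-port idea by looking for a TLS handshake record header. The three extra log lines, the function names and the verdict labels are constructed for illustration.

```python
import re

# Constructed sample log: the first three entries are the ones quoted in the
# thread; the last three are made up for contrast (a normal GET, a TLS
# handshake record sent to a plain-HTTP port, and a TRACE request).
SAMPLE_LOG = r'''
77.35.55.137 - - [09/Aug/2010:12:27:39 +0400] "F\xfd'\xfb\xf6}\xa6O\x16\x9f\xc0\x8f\x06i\xb2\x0exxj#" 200 6946
91.195.210.2 - - [09/Aug/2010:12:31:52 +0400] "\xd0\xa4\xc6\x99\x1e\xa0.!{\x80%(\x84\xb9NUz\x94\x19j\x85\xb9" 400 226
95.56.63.132 - - [09/Aug/2010:12:37:22 +0400] "\xc27\x1f\x1e\xd9\x88c0y(\x92\xa5[\xbd\x05\xfc\x9e:" 200 6946
203.0.113.5 - - [09/Aug/2010:12:40:01 +0400] "GET /index.php HTTP/1.1" 200 6946
203.0.113.6 - - [09/Aug/2010:12:41:10 +0400] "\x16\x03\x01\x00\x9a\x01\x00\x00\x96\x03\x01" 400 226
203.0.113.7 - - [09/Aug/2010:12:42:00 +0400] "TRACE / HTTP/1.1" 200 120
'''

# Common Log Format: host ident user [time] "request line" status bytes
LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(.*)" (\d{3}) \S+$')
ESCAPE = re.compile(r'\\x([0-9a-fA-F]{2})|\\(.)')
REQUEST_LINE = re.compile(rb'^([A-Z]+) (\S+) HTTP/\d\.\d$')
ALLOWED_METHODS = {b'GET', b'HEAD', b'POST'}  # same allow-list as the SecRule


def unescape(logged: str) -> bytes:
    """Turn Apache's escaped request line (\\xhh, \\", \\\\) back into raw bytes."""
    out = bytearray()
    pos = 0
    for m in ESCAPE.finditer(logged):
        out += logged[pos:m.start()].encode('latin-1')
        if m.group(1):                       # \xhh -> one byte
            out.append(int(m.group(1), 16))
        else:                                # \n, \t, \r, \" or \\
            ch = m.group(2)
            out += {'n': b'\n', 't': b'\t', 'r': b'\r'}.get(ch, ch.encode('latin-1'))
        pos = m.end()
    out += logged[pos:].encode('latin-1')
    return bytes(out)


def classify(raw: bytes) -> str:
    """Label the first line the server read from the client."""
    # TLS record header: content type 0x16 (handshake), version 0x03 0x00..0x04
    if len(raw) >= 3 and raw[0] == 0x16 and raw[1] == 0x03 and raw[2] <= 0x04:
        return 'tls-on-http-port'
    m = REQUEST_LINE.match(raw)
    if m:
        return 'ok' if m.group(1) in ALLOWED_METHODS else 'method-not-allowed'
    if any(b < 0x20 or b > 0x7e for b in raw):
        return 'binary-garbage'
    return 'malformed'


def triage(log_text: str):
    """Return (ip, status, verdict, answered_200) for every parsable log line.

    answered_200 is True when a request that is not 'ok' still got a 200,
    the oddity pointed out in the thread.
    """
    rows = []
    for line in log_text.splitlines():
        m = LOG_LINE.match(line.strip())
        if not m:
            continue
        ip, logged, status = m.group(1), m.group(2), int(m.group(3))
        verdict = classify(unescape(logged))
        rows.append((ip, status, verdict, verdict != 'ok' and status == 200))
    return rows


if __name__ == '__main__':
    for row in triage(SAMPLE_LOG):
        print(*row, sep='\t')
```

The three entries quoted in the thread come out as `binary-garbage` rather than `tls-on-http-port`, because none of them begins with the `0x16 0x03` record header.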
From: Morgan <mo...@nm...> - 2010-08-09 10:16:31
Hi All.

Tell me how to configure mod_security to struggle with such rubbish?
Example:

77.35.55.137 - - [09/Aug/2010:12:27:39 +0400] "F\xfd'\xfb\xf6}\xa6O\x16\x9f\xc0\x8f\x06i\xb2\x0exxj#" 200 6946
91.195.210.2 - - [09/Aug/2010:12:31:52 +0400] "\xd0\xa4\xc6\x99\x1e\xa0.!{\x80%(\x84\xb9NUz\x94\x19j\x85\xb9" 400 226
95.56.63.132 - - [09/Aug/2010:12:37:22 +0400] "\xc27\x1f\x1e\xd9\x88c0y(\x92\xa5[\xbd\x05\xfc\x9e:" 200 6946

--
Morgan mailto:mo...@nm...
From: samaneh b. <sam...@au...> - 2013-01-22 11:14:24
Hello, I am samaneh berenjian. I am working on web attacks. I have some questions I want to ask.

1. mod_security is suitable for web attacks. If I want to make web traffic on my Apache server, what kind of dataset can be compatible with mod_security? I want to know, is there any dataset with web traffic that I can run this traffic on, and after that I want mod_security to detect that traffic.

Thank you for your reply.

Sincerely yours,
samaneh berenjian
From: <chr...@po...> - 2008-10-20 08:56:48
Hey Steve,

Your description is a wee bit confusing for me. Could you elaborate a bit? Also it sounds as if you could do the things you want with mod_rewrite but I would need to understand your problem completely to give you real advice.

regs,

Christian

--
Christian Folini, IT 222
Webserver Security Engineer
From: Steve <ste...@gm...> - 2008-10-20 09:44:02
Hi Christian :)

You are right. I could probably do the same with mod_rewrite. I could probably use something like that:

RewriteEngine on
RewriteCond %{HTTP_HOST} ^(www\.)?domain\.tld$ [NC]
RewriteCond %{QUERY_STRING} ^$
RewriteCond %{ENV:REDIRECT_STATUS} ^$
RewriteCond %{ENV:MY_STATE} !^1$
RewriteCond %{REQUEST_URI} !^/some\-special\-page$ [NC]
RewriteCond %{HTTP_COOKIE} !^.*my_cookie=.*$ [NC]
RewriteCond %{REMOTE_ADDR} ^1\.2\.3\.4$ [OR]
RewriteCond %{REMOTE_ADDR} ^123\.345\.67[123]\.89[456]$ [OR]
RewriteCond %{REMOTE_HOST} \.external\-domain\.tld$ [NC]
RewriteRule .* http://www.domain.tld/some-special-page [E=MY_STATE:1,R,L]

Basically what I want is to show one certain page to users coming from a certain IP range. And I want to show that page just once every 24 hours. I want that page to be shown once and that's it. The user seeing that page should be able to continue to explore the website without again getting redirected to that certain page for 24 hours. On that certain page I do set a cookie to expire at today+1 at 06:00:00. The reason I am using a cookie is, that the addresses from the remote system are gateway/proxy addresses. If I would show the special page only based on the IP, then only one user (the first one per day) would see that special page. But I want each connecting system to see that special page at least once a day.

Do you understand now better?

Greetings from Zürich

Steve
From: <chr...@po...> - 2008-10-20 10:34:31
Hey Steve,

This makes it quite clear. Thank you.

There are multiple assumptions or conditions, that make it very complicated. You want branch for all URI-Paths (except your special page), there is this IP range thing and then a hostname lookup and domain check on top of it. This makes a hell of a complicated construct. The one you presented.

I am sure you can get this to work - most of the time. But I propose you simplify it along the lines the other Christian proposed. Maybe a compromise between the two.

Personally I would only redirect the access to http://domain.tld/ to your special subpage and ignore the IP range stuff. People who do not want to see the special page should access a sub-URI within the site or make the cookie permanent. But that's just my 2 cents.

Greetings back from Bern,

Christian

--
Christian Folini, IT 222
Webserver Security Engineer
From: Steve <ste...@gm...> - 2008-10-20 10:32:38
Hello Christian

It's not that easy. I can not redirect everything and say "if the user does not want the special page, then they just can click away". I really only want to show the special page every 24 hours to a certain IP range. All other IP ranges should never see that special page.

I agree with you, that it is tricky. But what should I do? It's the way it needs to be implemented. Unfortunately.

// Steve
From: Christian B. <ch...@jw...> - 2008-10-20 09:38:56
Hi Steve,

I don't know where exactly you are setting your cookie (assuming you do this within your application?). You cannot modify the request with modsecurity, so setting a cookie will have to be done "externally". I agree with Christian (Folini) saying this might just work out with mod_rewrite itself. Below is a solution, which is based on mod_rewrite.

What I'd try is the following:

#
# Enable mod_rewrite
#
RewriteEngine On

#
# if no cookie is found in the current request, we do a redirect to the special page
# the redirect should contain the "Set-Cookie" header as created above, i.e. the next
# request should not get redirected until the cookie expires, i.e. not until 1440 minutes
# (24 hours; the lifetime field of the cookie flag is given in minutes, not seconds)
#
RewriteCond %{HTTP:Cookie} "!my_cookie"
RewriteRule .* http://www.domain.tld/some-special-page [COOKIE=my_cookie:1:www.domain.tld:1440,R,L]

I did not try it, but at least it should work in theory ;-)

----------------

For another - session-based ModSecurity-only approach you could try this:

# We create a session-context based on a session-cookie, eg. PHPSESSID
# (persistent collections need SecDataDir to be configured)
#
SecRule REQUEST_COOKIES:PHPSESSID "!^$" "phase:1,nolog,pass,setsid:%{REQUEST_COOKIES.PHPSESSID}"

# We check for a session-variable called "lastVisitIn24Hrs" which should
# be present, if the client visited us within the last 24 hours
#
# If the variable is not present within this session, we create it, put it
# into the session and make it expire within 24 hours (expirevar takes seconds)
#
SecRule &SESSION:lastVisitIn24Hrs "@eq 0" "phase:1,setvar:session.lastVisitIn24Hrs=1,expirevar:session.lastVisitIn24Hrs=86400,redirect:http://www.domain.tld/some-special-page"

Best regards,
Chris