Thread: [mod-security-users] Group "SecRuleRemoveById" with Alias-Name
From: Reindl H. <h.r...@th...> - 2011-07-27 09:15:48
Hi

Is there a way to group a set of disabled rules as below
in a way that you can use them for a bundle of other
locations needing the same excludes without maintaining
the whole list for each of them?

I dream of something about "SecRuleRemoveById wysiwyg-settings"
defined at the beginning

<LocationMatch "/dorcroot/sommething-with-wysiwyg.php">
 SecRuleRemoveById 48
 SecRuleRemoveById 49
 SecRuleRemoveById 50
 SecRuleRemoveById 51
 SecRuleRemoveById 52
 SecRuleRemoveById 53
 SecRuleRemoveById 54
 SecRuleRemoveById 55
 SecRuleRemoveById 56
 SecRuleRemoveById 57
 SecRuleRemoveById 58
 SecRuleRemoveById 59
 SecRuleRemoveById 60
 SecRuleRemoveById 61
 SecRuleRemoveById 62
 SecRuleRemoveById 63
 SecRuleRemoveById 64
 SecRuleRemoveById 65
 SecRuleRemoveById 66
 SecRuleRemoveById 67
 SecRuleRemoveById 68
 SecRuleRemoveById 69
 SecRuleRemoveById 70
 SecRuleRemoveById 71
 SecRuleRemoveById 72
 SecRuleRemoveById 73
 SecRuleRemoveById 74
</LocationMatch>
From: Marc S. <mar...@ap...> - 2011-07-27 11:13:36
This can be easily done with mod_macro (it's its core feature).
From: Reindl H. <h.r...@th...> - 2011-07-27 11:23:32
have you any working example?
the documentation is not really clear for me

http://cri.ensmp.fr/~coelho/mod_macro/mod_macro/mod_macro.html
> This module is contained in the mod_macro.c file, and is not
> compiled in by default.

sounds like it is included in the httpd-source but not compiled as
default, but i can not find it in the official documentation
http://httpd.apache.org/docs/2.2/mod/
From: Marc S. <mar...@ap...> - 2011-07-27 14:54:45
<Macro DisableWysiwygRules>
 SecRuleRemoveById 48-74
 # Disable scanning of response body (example)
 SecResponseBodyAccess off
</Macro>
From: Marc S. <mar...@ap...> - 2011-07-28 11:43:42
I was giving that only as an example, but I can do the same for yours:

<Macro SpecificWysiwygRules>
 SecRuleRemoveById 981231
 SecRuleRemoveById 958125
 SecRuleRemoveById 950005
 # .... will grow for every rule breaking WYSIWYG .....
 # .... has to be applied to a growing number of locations with WYSIWYG ......
</Macro>

<LocationMatch "/location1/file1.php">
 Use SpecificWysiwygRules
</LocationMatch>
<LocationMatch "/location2/file2.php">
 Use SpecificWysiwygRules
</LocationMatch>
<LocationMatch "/location3/file1.php">
 Use SpecificWysiwygRules
</LocationMatch>
...

Isn't that what you want?

Marc
From: Reindl H. <h.r...@th...> - 2011-07-28 11:47:31
exactly
thank you very much and i think this thread will help
many others searching the web for this

now i have only to find out what is the best way
to get mod_macro into our webserver-configuration
but this must wait now because i am very busy with
other security audits this time :-(

--
Best regards, Reindl Harald
the lounge interactive design GmbH
A-1060 Vienna, Hofmühlgasse 17
CTO / software-development / cms-solutions
p: +43 (1) 595 3999 33, m: +43 (676) 40 221 40
icq: 154546673, http://www.thelounge.net/

http://www.thelounge.net/signature.asc.what.htm
From: Reindl H. <h.r...@th...> - 2011-07-27 16:41:00
you misunderstood me

first i need a complex set not only rules
from 48-78, additionally to them some
single rules

and the point is not to specify 48-78
the point is define a flexible set of disabled rules
and apply this to 10, 20, 30 or more <LocationMatch>
with the ability to maintain the rule-group on one point
instead copy the list to every location

<LocationMatch "/location1/file1.php">
 SecRuleRemoveById 981231
 SecRuleRemoveById 958125
 SecRuleRemoveById 950005
 .... will grow for every rule breaking WYSIWYG .....
 .... has to be applied to a growing number of locations with WYSIWYG ......
</LocationMatch>
<LocationMatch "/location1/file1.php">
 SecRuleRemoveByGroupHowEever
</LocationMatch>
<LocationMatch "/location1/file1.php">
 SecRuleRemoveByGroupHowEever
</LocationMatch>
<LocationMatch "/location1/file1.php">
 SecRuleRemoveByGroupHowEever
</LocationMatch>
________________
instead

<LocationMatch "/location1/file1.php">
 SecRuleRemoveById 981231
 SecRuleRemoveById 958125
 SecRuleRemoveById 950005
 SecRuleRemoveById 48
 SecRuleRemoveById 49
 SecRuleRemoveById 50
 SecRuleRemoveById 51
 SecRuleRemoveById 52
 SecRuleRemoveById 53
 SecRuleRemoveById 54
 SecRuleRemoveById 55
 SecRuleRemoveById 56
 SecRuleRemoveById 57
 SecRuleRemoveById 58
 SecRuleRemoveById 59
 SecRuleRemoveById 60
 SecRuleRemoveById 61
 SecRuleRemoveById 62
 SecRuleRemoveById 63
 SecRuleRemoveById 64
 SecRuleRemoveById 65
 SecRuleRemoveById 66
 SecRuleRemoveById 67
 SecRuleRemoveById 68
 SecRuleRemoveById 69
 SecRuleRemoveById 70
 SecRuleRemoveById 71
 SecRuleRemoveById 72
 SecRuleRemoveById 73
 SecRuleRemoveById 74
</LocationMatch>

<LocationMatch "/location2/file2.php">
 SecRuleRemoveById 981231
 SecRuleRemoveById 958125
 SecRuleRemoveById 950005
 SecRuleRemoveById 48
 SecRuleRemoveById 49
 SecRuleRemoveById 50
 SecRuleRemoveById 51
 SecRuleRemoveById 52
 SecRuleRemoveById 53
 SecRuleRemoveById 54
 SecRuleRemoveById 55
 SecRuleRemoveById 56
 SecRuleRemoveById 57
 SecRuleRemoveById 58
 SecRuleRemoveById 59
 SecRuleRemoveById 60
 SecRuleRemoveById 61
 SecRuleRemoveById 62
 SecRuleRemoveById 63
 SecRuleRemoveById 64
 SecRuleRemoveById 65
 SecRuleRemoveById 66
 SecRuleRemoveById 67
 SecRuleRemoveById 68
 SecRuleRemoveById 69
 SecRuleRemoveById 70
 SecRuleRemoveById 71
 SecRuleRemoveById 72
 SecRuleRemoveById 73
 SecRuleRemoveById 74
</LocationMatch>

<LocationMatch "/location3/file3.php">
 SecRuleRemoveById 981231
 SecRuleRemoveById 958125
 SecRuleRemoveById 950005
 SecRuleRemoveById 48
 SecRuleRemoveById 49
 SecRuleRemoveById 50
 SecRuleRemoveById 51
 SecRuleRemoveById 52
 SecRuleRemoveById 53
 SecRuleRemoveById 54
 SecRuleRemoveById 55
 SecRuleRemoveById 56
 SecRuleRemoveById 57
 SecRuleRemoveById 58
 SecRuleRemoveById 59
 SecRuleRemoveById 60
 SecRuleRemoveById 61
 SecRuleRemoveById 62
 SecRuleRemoveById 63
 SecRuleRemoveById 64
 SecRuleRemoveById 65
 SecRuleRemoveById 66
 SecRuleRemoveById 67
 SecRuleRemoveById 68
 SecRuleRemoveById 69
 SecRuleRemoveById 70
 SecRuleRemoveById 71
 SecRuleRemoveById 72
 SecRuleRemoveById 73
 SecRuleRemoveById 74
</LocationMatch>
From: Ryan B. <RBa...@tr...> - 2011-07-27 17:03:54
You could try this approach -

1) Create a template exception rule in your local
modsecurity_crs_15_customrules.conf file
2) Instead of using Apache Scope Directives (such as <Location>) and
nesting ModSec directives, use SecRules and the ctl:ruleRemoveById action
like this -

SecRule REQUEST_FILENAME "@pmf /path/to/exception_url_list.txt" \
    "phase:1,t:none,nolog,pass,ctl:'ruleRemoveById=48-74,981231,958125,950005'"

And then list all of the URLs that you have put into a Location scope
directive into the exception_url_list.txt file. This would assume,
however, that all of those URLs would have the exact same exclusions.

-Ryan
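Added example, not part of Ryan's post or of the ModSecurity project: a Python audit of the phrase file that the `@pmf` rule above reads, showing which request paths would have rules removed. It assumes `@pmf` behaves as a case-insensitive substring match over one phrase per line with `#` comment lines ignored; the list entries, request paths and function names are constructed for illustration.

```python
"""Audit a phrase file used as:
SecRule REQUEST_FILENAME "@pmf <file>" "...,ctl:ruleRemoveById=..."

Assumption: @pmf is modelled as a case-insensitive substring match, one phrase
per line, with blank lines and '#' comment lines ignored.
"""

# Constructed sample content for exception_url_list.txt (not from the thread).
SAMPLE_LIST = """\
# pages that embed the WYSIWYG editor
/modules/news/edit.php
/modules/shop/admin/editor.php
edit.php
"""

# Constructed request paths, as REQUEST_FILENAME would carry them (no query string).
SAMPLE_REQUESTS = [
    "/modules/news/edit.php",             # intended
    "/modules/forum/edit.php",            # different module, same file name
    "/Modules/News/Edit.php",             # differs only in case
    "/backup/modules/news/edit.php.old",  # listed path embedded in a longer one
    "/index.php",                         # unrelated
]


def load_phrases(text):
    """Parse the phrase file: strip whitespace, skip blanks and # comments."""
    phrases = []
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#"):
            phrases.append(line)
    return phrases


def lint_phrases(phrases):
    """Return {phrase: [warnings]} for entries broader than a full URL path."""
    findings = {}
    for phrase in phrases:
        warnings = []
        if not phrase.startswith("/"):
            warnings.append("not an absolute URL path")
        if phrase.count("/") < 2:
            warnings.append("no directory component, matches the file name anywhere")
        if warnings:
            findings[phrase] = warnings
    return findings


def matching_phrases(phrases, request_filename):
    """Phrases found anywhere in the path, ignoring case (the assumed @pmf model)."""
    haystack = request_filename.lower()
    return [p for p in phrases if p.lower() in haystack]


def audit(list_text, requests):
    """Return (lint findings, per-request report) for a phrase file and sample paths."""
    phrases = load_phrases(list_text)
    report = {}
    for path in requests:
        hits = matching_phrases(phrases, path)
        report[path] = {
            "rules_removed": bool(hits),
            "listed_exactly": path in phrases,
            "matched_by": hits,
        }
    return lint_phrases(phrases), report


def unintended(report):
    """Paths that lose their rules although they are not a listed entry."""
    return [p for p, r in report.items()
            if r["rules_removed"] and not r["listed_exactly"]]


if __name__ == "__main__":
    warnings, report = audit(SAMPLE_LIST, SAMPLE_REQUESTS)
    for phrase, msgs in warnings.items():
        print(f"list entry {phrase!r}: {'; '.join(msgs)}")
    for path, result in report.items():
        print(f"{path:40} removed={result['rules_removed']!s:5} by={result['matched_by']}")
    print("unintended:", unintended(report))
```

Under that model, dropping the bare `edit.php` entry stops the cross-module match, but the case-variant and embedded-path requests still lose their rules, because the test is containment rather than equality.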
From: Reindl H. <h.r...@th...> - 2011-07-27 17:26:05
thank you!

that sounds good, i will try this ASAP and read docs
how to replace "REQUEST_FILENAME" for a location

only a filename is too generic, "edit.php" as example
i must not whitelist every URL ending with "edit.php"

i have to deal with some hundred setups with the same inhouse
developed application what is the reason that only an absolute
url-path like "/modules/modulename/file.php" makes sure
that we are speaking of a specific file of a specific
module what can be present in 10, 20 or 100 domains
From: Ryan B. <RBa...@tr...> - 2011-07-27 17:29:40
|
REQUEST_FILENAME includes the full URL path -
http://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Reference_Manual#REQUEST_FILENAME

On 7/27/11 1:25 PM, "Reindl Harald" <h.r...@th...> wrote:

>thank you!
>
>that sounds good, i will try this ASAP and read docs
>how to replace "REQUEST_FILENAME" for a location
>
>only a filename is too generic, "edit.php" as example
>i must not whitelist every URL ending with "edit.php"
>
>i have to deal with some hundred setups with the same inhouse
>developed application what is the reason that only an absolute
>url-path like "/modules/modulename/file.php" makes sure
>that we are speaking of a specific file of a specific
>module what can be present in 10, 20 or 100 domains
>
>On 27.07.2011 19:03, Ryan Barnett wrote:
>> You could try this approach -
>>
>> 1) Create a template exception rule in your local
>> modsecurity_crs_15_customrules.conf file
>> 2) Instead of using Apache Scope Directives (such as <Location>) and
>> nesting ModSec directives, use SecRules and the ctl:ruleRemoveById action
>> like this -
>>
>> SecRule REQUEST_FILENAME "@pmf /path/to/exception_url_list.txt" "phase:1,t:none,nolog,pass,ctl:'ruleRemoveById=48-74,981231,958125,950005'"
>>
>> And then list all of the URLs that you have put into a Location scope
>> directive into the exception_url_list.txt file. This would assume,
>> however, that all of those URLs would have the exact same exclusions.
>>
>> -Ryan
|
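A working layout for the two approaches suggested in this thread (Marc Stern's macro and Ryan Barnett's ctl:ruleRemoveById rule), as an added example that is not part of the original posts. The location paths, rule IDs and file name come from the thread; id:1000, the one-ctl-action-per-ID form and the listed file contents are assumptions made for illustration.

```apache
# --- Variant A: mod_macro (the module must be loaded) ---------------------
# One definition holds the whole exclusion set; maintain it here only.
<Macro DisableWysiwygRules>
    # SecRuleRemoveById accepts several IDs and ranges per directive.
    SecRuleRemoveById 48-74
    SecRuleRemoveById 981231 958125 950005
</Macro>

# Every location that carries the WYSIWYG editor expands the macro.
<LocationMatch "/location1/file1.php">
    Use DisableWysiwygRules
</LocationMatch>
<LocationMatch "/location2/file2.php">
    Use DisableWysiwygRules
</LocationMatch>
<LocationMatch "/location3/file3.php">
    Use DisableWysiwygRules
</LocationMatch>

# --- Variant B: runtime exclusion driven by a phrase file -----------------
# /path/to/exception_url_list.txt holds one full URL path per line
# (constructed sample content):
#   /location1/file1.php
#   /location2/file2.php
#   /location3/file3.php
#
# Load this rule before the rules it switches off: ctl:ruleRemoveById
# only affects rules evaluated later in the same transaction.
# @pmFromFile (short form @pmf) is a case-insensitive substring match, so
# list complete paths such as /modules/modulename/file.php; an entry
# like edit.php would exempt every URL that contains that string.
# id:1000 is a placeholder; ModSecurity 2.7 and later require an id.
SecRule REQUEST_FILENAME "@pmFromFile /path/to/exception_url_list.txt" \
    "id:1000,phase:1,t:none,nolog,pass,\
    ctl:ruleRemoveById=48-74,\
    ctl:ruleRemoveById=981231,\
    ctl:ruleRemoveById=958125,\
    ctl:ruleRemoveById=950005"
```

Variant A keeps the exclusions scoped by Apache's own location matching, while Variant B exempts any request whose path contains a listed phrase, so the phrase file deserves the same review as the rule set itself.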