Thread: [mod-security-users] REQUEST_BODY question.
Brought to you by:
victorhora,
zimmerletw
From: SoFy D. <sof...@gm...> - 2008-05-27 13:15:14
|
Hello, I'm trying to make some files denied for any user,expect if he have 0 UID. I tried this rule : SecRule SCRIPT_FILENAME|REQUEST_BODY "^/home/user/important\.php$" chain SecRule "SCRIPT_UID "!^0$". then, I can't log to this file from browser and that's fine, but I can get it from php codes, so that's mean the REQUEST_BODY didn't work.. any suggestions ? Thanks. |
From: <chr...@po...> - 2008-05-27 13:22:06
|
Hi SoFy, If I get you right, then you managed to read a file within your php code, while your browser was denied direct access. This is the expected behaviour and you have to configure your application accordingly. ModSecurity will only protect HTTP access to your webserver. It can not protect you from an application that reads files, it should not read. So this is an application problem and not a ModSecurity one. regs, Christian ________________________________ Von: mod...@li... [mailto:mod...@li...] Im Auftrag von SoFy DeNiro Gesendet: Dienstag, 27. Mai 2008 15:15 An: mod...@li... Betreff: [mod-security-users] REQUEST_BODY question. Hello, I'm trying to make some files denied for any user,expect if he have 0 UID. I tried this rule : SecRule SCRIPT_FILENAME|REQUEST_BODY "^/home/user/important\.php$" chain SecRule "SCRIPT_UID "!^0$". then, I can't log to this file from browser and that's fine, but I can get it from php codes, so that's mean the REQUEST_BODY didn't work.. any suggestions ? Thanks. |
From: Ryan B. <Ryan.Barnett@Breach.com> - 2008-05-27 16:03:24
|
What version of ModSecurity are you using? Can you give some audit log examples of the type of transaction you want to block? My guess here is that while you do want to use RegEx anchors for the SCRIPT_FILENAME variable (to reduce evasions and false positives) it is probably too restrictive and is preventing the REQUEST_BODY variable from matching as there is probably other data present such as the parameter names, etc... ________________________________ From: mod...@li... [mailto:mod...@li...] On Behalf Of SoFy DeNiro Sent: Tuesday, May 27, 2008 9:15 AM To: mod...@li... Subject: [mod-security-users] REQUEST_BODY question. Hello, I'm trying to make some files denied for any user,expect if he have 0 UID. I tried this rule : SecRule SCRIPT_FILENAME|REQUEST_BODY "^/home/user/important\.php$" chain SecRule "SCRIPT_UID "!^0$". then, I can't log to this file from browser and that's fine, but I can get it from php codes, so that's mean the REQUEST_BODY didn't work.. any suggestions ? Thanks. |
From: Jordi R. <jr...@is...> - 2008-06-03 13:36:38
|
Try with these directives SecRequestBodyAccess On SecResponseBodyAccess On SoFy DeNiro wrote: > Hello, > > I'm trying to make some files denied for any user,expect if he have 0 > UID. I tried this rule : > > SecRule SCRIPT_FILENAME|REQUEST_BODY "^/home/user/important\.php$" chain > SecRule "SCRIPT_UID "!^0$". > > then, I can't log to this file from browser and that's fine, but I can > get it from php codes, so that's mean the REQUEST_BODY didn't work.. > > any suggestions ? > Thanks. > > > ------------------------------------------------------------------------ > > ------------------------------------------------------------------------- > This SF.net email is sponsored by: Microsoft > Defy all challenges. Microsoft(R) Visual Studio 2008. > http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ > > > ------------------------------------------------------------------------ > > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users -- _________________________________ Jordi Rubió Romero Ingeniero de Software Dpto. Seguridad Gestionada jr...@is... Internet Security Auditors, S.L. c. Santander, 101. Edif. A. 2º E-08030 Barcelona Tel: +34 93 305 13 18 Fax: +34 93 278 22 48 www.isecauditors.com ____________________________________ Este mensaje y los documentos que, en su caso lleve anexos, pueden contener información CONFIDENCIAL. Por ello, se informa al destinatario que la información contenida en el mismo es reservada y su uso no autorizado, publicación o difusión, entera o parcialmente, tanto en formato o medio físico como electrónico, sin el previo consentimiento de Internet Security Auditors, está prohibida legalmente. Si ha recibido este correo por error, le rogamos que nos lo comunique por la misma vía o por teléfono (93 305 13 18), se abstenga de realizar copias del mensaje o remitirlo o entregarlo a otra persona y proceda a borrarlo de inmediato. En cumplimiento de la Ley Orgánica 15/1999 de 13 de diciembre de protección de datos de carácter personal, Internet Security Auditors S.L., le informa de que sus datos personales se han incluido en ficheros informatizados titularidad de Internet Security Auditors S.L., que será el único destinatario de dichos datos, y cuya finalidad exclusiva es la gestión de clientes y acciones de comunicación comercial, y de que tiene la posibilidad de ejercer los derechos de acceso, rectificación, cancelación y oposición previstos en la ley mediante carta dirigida a Internet Security Auditors, c. Santander, 101. Edif. A. 2º, 08030 Barcelona, o vía e-mail a la siguiente dirección de correo: le...@is... |