On Tue, Aug 27, 2013 at 10:14 PM, Sergio <secmas@gmail.com> wrote:
Hi all,
I have a doubt, Does the REMOTE_ADDR can use CIDR notation or is it only for exact matches as the example in the reference manual?

Example:
SecRule REMOTE_ADDR "@ipMatch 192.168.1.101" "id:35"

I will like to use a rule that can block a range of /16's IPs.


Hi Sergio,

The REMOTE_ADDR variable simply holds the remote address of the client. The ipMatch operator does support CIDR notation. For example the following rule blocks a /16 address range:

SecRule REMOTE_ADDR "@ipMatch 10.0.0.0/16" "phase:1,id:1,block,msg:'Blocked request due to source IP'"
 
--
 - Josh

Thanks in advace.

Regards,

Sergio

------------------------------------------------------------------------------
Learn the latest--Visual Studio 2012, SharePoint 2013, SQL 2012, more!
Discover the easy way to master current and previous Microsoft technologies
and advance your career. Get an incredible 1,500+ hours of step-by-step
tutorial videos with LearnDevNow. Subscribe today and save!
http://pubads.g.doubleclick.net/gampad/clk?id=58040911&iu=/4140/ostg.clktrk
_______________________________________________
mod-security-users mailing list
mod-security-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-users
Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs:
http://www.modsecurity.org/projects/commercial/rules/
http://www.modsecurity.org/projects/commercial/support/