Re: [mod-security-users] disable rule based on arg - Email found in subject - Email found in subjec
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [mod-security-users] disable rule based on arg - Email found in subject - Email found in subject
|
From: Leon B. <le...@ti...> - 2009-10-25 11:28:41
|
Hi Brian,
The first rule indeed needs an option arg.
Is it possible to chain another rule so the option arg is not required?
I know have this:
SecRule ARGS:option "^com_resize$" "pass,skip:1"
SecRule ARGS|ARGS_NAMES "^http:/"
But I like the syntax of the chain command better.
Leon
________________________________________
From: Brian Rectanus [Bri...@br...]
Sent: 24 October 2009 23:20
To: Leon Bogaert
Cc: Christian Bockermann; mod...@li...
Subject: Re: [mod-security-users] disable rule based on arg - Email found in subject - Email found in subject
Some other options:
SecRule ARGS|ARGS_NAMES "^http:/" "chain,..."
SecRule ARGS:option "!^com_resize$"
NOTE: this may require option arg - I did not have time to verify
OR
SecRule ARGS:option "^com_resize$" "pass,nolog,phase:1,ctl:ruleRemoveById=1234"
SecRule ARGS|ARGS_NAMES "^http:/" "id:1234,..."
later,
-B
Leon Bogaert wrote:
Hi Christian,
Thank you very much! I'm gonna try this tomorrow!
Leon
________________________________________
From: Christian Bockermann [ch...@jw...<mailto:ch...@jw...>]
Sent: 24 October 2009 13:07
To: Leon Bogaert
Cc: mod...@li...<mailto:mod...@li...>
Subject: Re: [mod-security-users] disable rule based on arg - Email found in subject
Hi Leon,
you could for instance use the "skip" action:
SecRule ARGS:option "^com_resize$" "skip:1"
SecRule ARGS|ARGS_NAMES "^http:/"
The first rule should skip the evaluation of the second one if
option=='com_resize'.
As you second rule seems to watch for remote references, you may want
to make sure to limit
the possible allowed remote-references for requests containing
"option=='com_resize'" instead
of completely skipping this rule.
Best regards,
Chris
Am 23.10.2009 um 13:39 schrieb Leon Bogaert:
Hi all,
I have this rule for mod_security2:
SecRule ARGS|ARGS_NAMES "^http:/"
But I would like to disable it if the "option" arg == 'com_resize'
So if the request containst option=com_resize I would like to
disable the above rule.
I tried searching on google but I only found out how to disable
specific rules for specific locations.
Thanks in advance!
Leon
------------------------------------------------------------------------------
Come build with us! The BlackBerry(R) Developer Conference in SF, CA
is the only developer event you need to attend this year. Jumpstart
your
developing skills, take BlackBerry mobile applications to market and
stay
ahead of the curve. Join us from November 9 - 12, 2009. Register now!
http://p.sf.net/sfu/devconference
_______________________________________________
mod-security-users mailing list
mod...@li...<mailto:mod...@li...>
https://lists.sourceforge.net/lists/listinfo/mod-security-users
Commercial ModSecurity Appliances, Rule Sets and Support:
http://www.modsecurity.org/breach/index.html
------------------------------------------------------------------------------
Come build with us! The BlackBerry(R) Developer Conference in SF, CA
is the only developer event you need to attend this year. Jumpstart your
developing skills, take BlackBerry mobile applications to market and stay
ahead of the curve. Join us from November 9 - 12, 2009. Register now!
http://p.sf.net/sfu/devconference
_______________________________________________
mod-security-users mailing list
mod...@li...<mailto:mod...@li...>
https://lists.sourceforge.net/lists/listinfo/mod-security-users
Commercial ModSecurity Appliances, Rule Sets and Support:
http://www.modsecurity.org/breach/index.html
--
Brian Rectanus
Breach Security
|