Re: [mod-security-users] httpd-guardian and skipAfter

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

As a follow-up, the rule is matching as shown in the debug log below, but my
IP is still getting blacklisted by httpd-guardian and blacklist.

[18/Jan/2010:01:47:53 +1100]
[sensor/sid#f12fe30][rid#102b7908][/script.cfm][2] Warning. String match
"xxx.xxx.xxx.xxx" at REMOTE_ADDR. [file
"/opt/modsecurity/etc/systemwide/rules.conf"] [line "2"]
[18/Jan/2010:01:47:53 +1100]
[sensor/sid#f12fe30][rid#102b7908][/script.cfm][4] Rule returned 1.
[18/Jan/2010:01:47:53 +1100]
[sensor/sid#f12fe30][rid#102b7908][/script.cfm][9] Skipping after rule
b09d6b8 id="99" -> mode SKIP_RULES.
[18/Jan/2010:01:47:53 +1100]
[sensor/sid#f12fe30][rid#102b7908][/script.cfm][9] Found rule f12fb20
id="99".

Thanks,
  Chris

On Sun, Jan 17, 2010 at 4:13 PM, Chris Datfung <chr...@gm...>wrote:

> I have the following rule:
>
> SecRule REMOTE_ADDR "@streq xxx.xxx.xxx.xxx" "skipAfter:99"
> SecGuardianLog "|/opt/modsecurity/bin/httpd-guardian.pl"
> SecMarker 99
>
> My IP is xxx.xxx.xxx.xxx. I was hoping to use skipAfter to whitelist my IP
> from getting blacklisted by httpd-guardian, but I'm still getting blocked.
> Any ideas what is wrong with these rules?
>
> Thanks,
>   Chris
>
>