Re: [mod-security-users] httpd-guardian and skipAfter
Brought to you by:
victorhora,
zimmerletw
From: Chris D. <chr...@gm...> - 2010-01-17 15:10:27
|
As a follow-up, the rule is matching as shown in the debug log below, but my IP is still getting blacklisted by httpd-guardian and blacklist. [18/Jan/2010:01:47:53 +1100] [sensor/sid#f12fe30][rid#102b7908][/script.cfm][2] Warning. String match "xxx.xxx.xxx.xxx" at REMOTE_ADDR. [file "/opt/modsecurity/etc/systemwide/rules.conf"] [line "2"] [18/Jan/2010:01:47:53 +1100] [sensor/sid#f12fe30][rid#102b7908][/script.cfm][4] Rule returned 1. [18/Jan/2010:01:47:53 +1100] [sensor/sid#f12fe30][rid#102b7908][/script.cfm][9] Skipping after rule b09d6b8 id="99" -> mode SKIP_RULES. [18/Jan/2010:01:47:53 +1100] [sensor/sid#f12fe30][rid#102b7908][/script.cfm][9] Found rule f12fb20 id="99". Thanks, Chris On Sun, Jan 17, 2010 at 4:13 PM, Chris Datfung <chr...@gm...>wrote: > I have the following rule: > > SecRule REMOTE_ADDR "@streq xxx.xxx.xxx.xxx" "skipAfter:99" > SecGuardianLog "|/opt/modsecurity/bin/httpd-guardian.pl" > SecMarker 99 > > My IP is xxx.xxx.xxx.xxx. I was hoping to use skipAfter to whitelist my IP > from getting blacklisted by httpd-guardian, but I'm still getting blocked. > Any ideas what is wrong with these rules? > > Thanks, > Chris > > |