Re: [mod-security-users] How to write an IP automatically to a file?
Brought to you by:
victorhora,
zimmerletw
From: Sergio <se...@gm...> - 2010-01-27 04:09:29
|
Hi William, I have tested the rule but is not working, I don't know if it is because a bad chmod in any of the files, here is what I have done: SecRule REQUEST_URI "@pmFromFile my-file.txt" \ "capture,t:replaceNulls,t:htmlEntityDecode,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:999999,rev:1,severit y:2,msg:'IP DETECTED',exec:'/backup/ip-write-test.lua',logdata:'%{TX.0}'" The SecRule is working his part, but the exec is not, for the LUA file I wrote it in my /backup partition and chmod it 644, the other file "IPS.TXT" is also in my /backup partition and has a chmod of 644. Are this settings ok or am I missing something? Regards, Sergio On Tue, Jan 26, 2010 at 3:49 PM, William Salusky <wsa...@gm...> wrote: > You can do that by calling a Lua script via the exec keyword. > > SecRule BLAH "BLAH" > "log,auditlog,pass,id:'888801',msg:'ip-write-test',severity:'7',rev:'1',exec:/path/to/your_lua_scripts/ip-write-test.lua" > > ===== > > function main() > local fh = io.open("/tmp/ips.txt", "a+") > if fh then > local var1 = m.getvar("REMOTE_ADDR", "none") > str1 = string.format('IP is: %s\n', var1) > fh:write(str1) > fh:flush() > fh:close() > end > > return fh ~= nil > end > > > > > On Tue, Jan 26, 2010 at 3:55 PM, Sergio <se...@gm...> wrote: > >> Hi, >> Is it possible to create a rule that when it is triggered it could write >> just the offender IP to a file other than the audit_log? >> >> Regards, >> Sergio >> >> >> >> ------------------------------------------------------------------------------ >> The Planet: dedicated and managed hosting, cloud storage, colocation >> Stay online with enterprise data centers and the best network in the >> business >> Choose flexible plans and management services without long-term contracts >> Personal 24x7 support from experience hosting pros just a phone call away. >> http://p.sf.net/sfu/theplanet-com >> _______________________________________________ >> mod-security-users mailing list >> mod...@li... >> https://lists.sourceforge.net/lists/listinfo/mod-security-users >> Commercial ModSecurity Appliances, Rule Sets and Support: >> http://www.modsecurity.org/breach/index.html >> >> > |