[Mod-security-developers] [JIRA] Resolved: (MODSEC-235) @ipMatch with multiple parameters not logge

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

     [ https://www.modsecurity.org/tracker/browse/MODSEC-235?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Breno Silva Pinto resolved MODSEC-235.
--------------------------------------

    Resolution: Fixed

Now we have (audit log):
--6dc1c311-K--
Rule [Match]: SecRule "REMOTE_ADDR" "@ipMatch 192.168.0.1/24,192.168.1.5,192.168.1.10" "phase:2,log,auditlog,pass"

Debug log:
[27/Apr/2011:09:20:06 --0700] [192.168.0.103/sid#21f68f78][rid#21f79660][/index.html][5] Rule 21f665c0: SecRule "REMOTE_ADDR" "@ipMatch 192.168.0.1/24,192.168.1.5,192.168.1.10" "phase:2,log,auditlog,pass"
[27/Apr/2011:09:20:06 --0700] [192.168.0.103/sid#21f68f78][rid#21f79660][/index.html][4] Transformation completed in 2 usec.
[27/Apr/2011:09:20:06 --0700] [192.168.0.103/sid#21f68f78][rid#21f79660][/index.html][4] Executing operator "ipMatch" with param "192.168.0.1/24,192.168.1.5,192.168.1.10" against REMOTE_ADDR.
[27/Apr/2011:09:20:06 --0700] [192.168.0.103/sid#21f68f78][rid#21f79660][/index.html][9] Target value: "192.168.0.100"
[27/Apr/2011:09:20:06 --0700] [192.168.0.103/sid#21f68f78][rid#21f79660][/index.html][4] Operator completed in 65 usec.
[27/Apr/2011:09:20:06 --0700] [192.168.0.103/sid#21f68f78][rid#21f79660][/index.html][2] Warning. IPmatch "192.168.0.100" matched "192.168.0.1/24" at REMOTE_ADDR. [file "/etc/apache2/modsecurity/modsecurity_crs_15_customrules.conf"] [line "118"]
[27/Apr/2011:09:20:06 --0700] [192.168.0.103/sid#21f68f78][rid#21f79660][/index.html][4] Rule returned 1.


> @ipMatch with multiple parameters not logged correctly
> ------------------------------------------------------
>
>                 Key: MODSEC-235
>                 URL: https://www.modsecurity.org/tracker/browse/MODSEC-235
>             Project: ModSecurity
>          Issue Type: Bug
>      Security Level: Normal
>          Components: Logging
>    Affects Versions: 2.6.0
>            Reporter: Ivan Ristic
>            Assignee: Breno Silva Pinto
>             Fix For: 2.6.0
>
>
> When a rule uses @ipMatch with multiple parameters, only the first parameter is recorded in logs.
> For example:
> SecRule REMOTE_ADDR "@ipMatch 192.168.1.1,192.168.1.5,192.168.1.10"
> results with:
> SecRule REMOTE_ADDR "@ipMatch 192.168.1.1"
> in the audit log. Same in the debug log.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://www.modsecurity.org/tracker/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

[Mod-security-developers] [JIRA] Resolved: (MODSEC-235) @ipMatch with multiple parameters not logge

[Mod-security-developers] [JIRA] Resolved: (MODSEC-235) @ipMatch with multiple parameters not logged correctly