Re: [mod-security-users] SecRule REMOTE_USER problem
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [mod-security-users] SecRule REMOTE_USER problem
|
From: Ryan B. <RBa...@tr...> - 2011-10-28 14:32:06
|
On 10/28/11 9:58 AM, "Jose Julian Buda" <jb...@no...> wrote: >Debian squeeze with apache 2. > >I have a directory /somedir/ with a .htaccess file > >.... >AuthName "Autentication" >AuthType Basic >AuthUserFile /anydir/users >require valid-user >..... > > >It ask to enter the user name just fine. >What i need is to disable the mod_security rule engine just for some user. > >i put on /etc/apache2/conf.d/mod_security as first rule > > >SecRule REMOTE_USER "^userok$" allow,ctl:ruleEngine=off >... Try adding "phase:2" to your rule. In order to have REMOTE_USER populated, the authentication module has to run before this rule. Add phase:2 and then use the debug log to see if the variable has the right data. -Ryan > > > >and theres is some more rules down to filter. > >when i log in with "that" user(userok), the ruleEngine does'nt stop. > >is it ok this rule? > >what else do i need to stop the ruleEngine for this authenticated user? > > >Thank you > >Julian > > > > > > > > > >-------------------------------------------------------------------------- >---- >The demand for IT networking professionals continues to grow, and the >demand for specialized networking skills is growing even more rapidly. >Take a complimentary Learning@Cisco Self-Assessment and learn >about Cisco certifications, training, and career opportunities. >http://p.sf.net/sfu/cisco-dev2dev >_______________________________________________ >mod-security-users mailing list >mod...@li... >https://lists.sourceforge.net/lists/listinfo/mod-security-users >Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: >http://www.modsecurity.org/projects/commercial/rules/ >http://www.modsecurity.org/projects/commercial/support/ > This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. |