Re: [mod-security-users] REMOTE_ADDR / Apache 2.4 and mod_remoteip

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Yes. We still have a ticket for this. I will work on it later.

You can use now the variable USERAGENT_IP instead of REMOTE_ADDR.

Thanks

Breno

On Tue, Jan 29, 2013 at 8:55 AM, Reindl Harald <h.r...@th...>wrote:

> i overlooked the 2.7.2 release
>
> 2.7.2:
> * Fixed mod_security displaying wrong ip address in error.log using apache
> 2.4 and mod_remoteip
>
> logging is now as expected but rules with REMOTE_ADDR in
> context of "mod_remoteip" does not work
> ___________________________________________________
>
> SecRule REMOTE_ADDR "^10\.0\.0\.99"
> "id:'117',phase:1,nolog,allow,ctl:ruleEngine=off"
>
> [Tue Jan 29 11:50:28.170865 2013] [:error] [pid 3931] [client 10.0.0.99]
> ModSecurity: Access denied with code 404
> (phase 2). Matched phrase "nessus" at REQUEST_HEADERS:User-Agent. [file
> "/etc/httpd/modsecurity.d/modsecurity_35_bad_robots.conf"] [line "3"] [id
> "990002"] [msg "Bad Robot"] [hostname
> "proxy.test.rh"] [uri "/show_content.php"] [unique_id
> "UQepdAoAAGMAAA9bSW8AAAAE"]
> ___________________________________________________
>
> 10.0.0.99 is logged but i have to use the proxy-ip 10.0.0.103 in the
> whitelisting (rule id 117) which is not the intention of it - can we
> please have this fixed too?
>
> --
>
> Reindl Harald
> the lounge interactive design GmbH
> A-1060 Vienna, Hofmühlgasse 17
> CTO / CISO / Software-Development
> p: +43 (1) 595 3999 33, m: +43 (676) 40 221 40
> icq: 154546673, http://www.thelounge.net/
>
> http://www.thelounge.net/signature.asc.what.htm
>
>
>
> ------------------------------------------------------------------------------
> Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS,
> MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current
> with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft
> MVPs and experts. ON SALE this month only -- learn more at:
> http://p.sf.net/sfu/learnnow-d2d
> _______________________________________________
> mod-security-users mailing list
> mod...@li...
> https://lists.sourceforge.net/lists/listinfo/mod-security-users
> Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs:
> http://www.modsecurity.org/projects/commercial/rules/
> http://www.modsecurity.org/projects/commercial/support/
>
>