Re: [mod-security-users] Availability of ModSecurity 2.7.3 > mod_remoteip :-(
Brought to you by:
victorhora,
zimmerletw
From: Ryan B. <RBa...@tr...> - 2013-04-02 14:11:20
|
On 4/2/13 10:02 AM, "Reindl Harald" <h.r...@th...> wrote: >the "mod_remoteip" problem is still not finally fixed > >with 2.7.3 the logging is correct BUT i need still the proxy-ip >for whitelistings what indicates that there is something unclean >and this is a MAJOR PROBLEM in environments with LodaBalancing >as also a show-stopper for rollout Apache 2.4 at all :-( > >SecRule REMOTE_ADDR "^10\.0\.0\.99" >"id:'102',phase:1,pass,nolog,ctl:ruleRemoveById=990002" >if i replace "^10\.0\.0\.99" with the IP of the proxy the whitelisting >works For rule exceptions - couldn't you use REQUEST_HEADERS:X-Forwarded-For variable instead of REMOTE_ADDR? That is all mod_remoteip is doing anyways is swapping in the front-end client IP address for REMOTE_ADDR. You can just write rules that inspect the X-Forwarded-For data directly. -Ryan >_____________________________ > >[Tue Apr 02 15:54:23.772247 2013] [:error] [pid 1333] [client 10.0.0.99] >ModSecurity: Access denied with code 404 >(phase 2). Matched phrase "nessus" at REQUEST_HEADERS:User-Agent. [file >"/etc/httpd/modsecurity.d/modsecurity_35_bad_robots.conf"] [line "3"] [id >"990002"] [msg "Bad Robot"] [hostname >"proxy.test.rh"] [uri "/"] [unique_id "UVrjDwoAAGMAAAU1RPEAAAAD"] > >Am 29.03.2013 17:55, schrieb Breno Silva: >> The ModSecurity Development Team is pleased to announce the >>availability of ModSecurity 2.7.3 Stable Release.The >> stability of this release is good and includes many bug fixes. >> >> Many issues and missing features for NGINX module were fixed. NGINX >>module version is now RC. We have fixed some >> minor issues for IIS. >> >> We also added some important new features, the ability to load some >>specific directives into .htaccess files and >> the SecXmlExternalEntity security feature that will disable by default >>the possibility to load xml external >> entities. We recommend all users use this version. >> >> Please see the release notes included into CHANGES file. For known >>problems and more information about bug fixes, >> please see the online ModSecurity Jira. Please report any bug to >>mod...@li... >> <mailto:mod...@li...> > ________________________________ This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. |