Re: [mod-security-users] How to use "allow" fields to write whitelist
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [mod-security-users] How to use "allow" fields to write whitelist
|
From: Josh Amishav-Z. <ja...@ow...> - 2013-04-09 10:22:48
|
On Tue, Apr 9, 2013 at 6:31 AM, zhangtiliang007 <zha...@16...>wrote: > hi~ > Recent study modsecurity rules. And I had some troubles,According to > the Reference Manual,Reference as follows: > Allow: > Description: Stops rule processing on a successful match and allows the > transaction to proceed. > Action Group: Disruptive > Example: > # Allow unrestricted access from 192.168.1.100 > SecRule REMOTE_ADDR "^192\.168\.1\.100$" phase:1,id:95,nolog,allow > > Now My "apache+ModSecurity" use in reverse proxy mode and proxy > local website(example:http://localhost:8080/WebGoat/attack),I want > modsecurity do not deal with some requests. For example,let " > http://localhost:8080/WebGoat/attack and 1=1" go through modsecurity > without trigger the rules,How do I use ”allow“ fields to write a new > rule?Or other methods ? > Hi, You could use something like the following rule which stops the processing for any request whose URI contains the string 'WebGoat/attack and 1=1' SecRule REQUEST_URI "@contains /webgoat/attack and 1=1" "phase:2,id:1,t:none, \ t:Utf8toUnicode,t:urlDecodeUni,t:normalizePathWin,t:lowercase,allow" -- - Josh > Thanks! > > > > > ------------------------------------------------------------------------------ > Precog is a next-generation analytics platform capable of advanced > analytics on semi-structured data. The platform includes APIs for building > apps and a phenomenal toolset for data science. Developers can use > our toolset for easy data analysis & visualization. Get a free account! > http://www2.precog.com/precogplatform/slashdotnewsletter > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > http://www.modsecurity.org/projects/commercial/rules/ > http://www.modsecurity.org/projects/commercial/support/ > > |