Re: [mod-security-users] Does REMOTE_ADDR directive can handle CIDR notation?
From: Sergio <se...@gm...> - 2013-08-28 00:03:06
Thank you, Josh!

One more question, is it possible to check the @ipMatch with a file filled with the CIDR IPs that I want to block? Something like this?

SecRule REMOTE_ADDR "@ipMatch IPs-blacklist.txt" "phase:1,id:1,block,msg:' Blocked request due to source IP'"

Right now I am using my rule:

SecRule REMOTE_ADDR "!@pmFromFile IPs-whitelist.txt" \
    "chain,deny,nolog,id:199,rev:2,msg:'IP Match: IP is on My IPs Blacklist',severity:'3'"
SecRule REMOTE_ADDR "@pmFromFile IPs-blacklist.txt"

But I need to make it more flexible, so I can use CIDRs and that will be great.

Regards,

Sergio

On Tue, Aug 27, 2013 at 1:28 PM, Josh Amishav-Zlatin <ja...@ow...> wrote:

> On Tue, Aug 27, 2013 at 10:14 PM, Sergio <se...@gm...> wrote:
>
>> Hi all,
>> I have a doubt: can REMOTE_ADDR use CIDR notation, or is it only
>> for exact matches as in the example in the reference manual?
>>
>> Example:
>> SecRule REMOTE_ADDR "@ipMatch 192.168.1.101" "id:35"
>>
>> I would like to use a rule that can block a range of /16's IPs.
>>
>
> Hi Sergio,
>
> The REMOTE_ADDR variable simply holds the remote address of the client.
> The ipMatch operator does support CIDR notation. For example the following
> rule blocks a /16 address range:
>
> SecRule REMOTE_ADDR "@ipMatch 10.0.0.0/16" "phase:1,id:1,block,msg:'Blocked request due to source IP'"
>
> --
> - Josh
>
>> Thanks in advance.
>>
>> Regards,
>>
>> Sergio
>>
>> _______________________________________________
>> mod-security-users mailing list
>> mod...@li...
>> https://lists.sourceforge.net/lists/listinfo/mod-security-users
>> Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs:
>> http://www.modsecurity.org/projects/commercial/rules/
>> http://www.modsecurity.org/projects/commercial/support/
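
Added example (not from the thread or the ModSecurity project): a Python model of the whitelist-then-blacklist chain in the message above, comparing phrase matching, which is how `@pmFromFile` treats each line of its file, with CIDR matching of the kind `@ipMatch` performs. The list contents and all function names are constructed for illustration.

```python
import ipaddress

# Constructed sample list contents (assumptions, not taken from the thread).
WHITELIST = "# trusted monitoring host\n10.0.5.9\n"
BLACKLIST = "10.0.0.0/16\n192.168.1.1\n2001:db8::/32\n"


def entries(text):
    """Yield non-empty entries, ignoring blank lines and # comments."""
    for line in text.splitlines():
        entry = line.split("#", 1)[0].strip()
        if entry:
            yield entry


def parse_list(text):
    """Turn each entry (single IP or CIDR block) into a network object."""
    # strict=False tolerates host bits in an entry such as 10.0.5.9/16.
    return [ipaddress.ip_network(e, strict=False) for e in entries(text)]


def cidr_match(addr, nets):
    """True if addr falls inside any listed network of the same IP version."""
    ip = ipaddress.ip_address(addr)
    return any(ip.version == n.version and ip in n for n in nets)


def phrase_match(addr, text):
    """Phrase-list semantics: a line matches if it occurs anywhere in addr."""
    return any(e in addr for e in entries(text))


def decide(addr, allow, deny):
    """Chained-rule logic: deny only when NOT whitelisted AND blacklisted."""
    if cidr_match(addr, allow):
        return "pass"
    return "deny" if cidr_match(addr, deny) else "pass"


if __name__ == "__main__":
    allow, deny = parse_list(WHITELIST), parse_list(BLACKLIST)
    for addr in ("10.0.77.3", "10.0.5.9", "192.168.1.10", "2001:db8::1"):
        print(addr, "cidr:", decide(addr, allow, deny),
              "| phrase hit on blacklist:", phrase_match(addr, BLACKLIST))
```

With phrase matching, the entry `192.168.1.1` also hits `192.168.1.10`, and a CIDR line such as `10.0.0.0/16` never hits any client address. ModSecurity's `@ipMatchFromFile` operator applies CIDR matching to the entries of a list file.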