Re: [mod-security-users] Does REMOTE_ADDR directive can handle CIDR notation?
From: Sergio <se...@gm...> - 2013-08-28 00:19:18
GREAT !!!! Thank you, Ryan.

On Tue, Aug 27, 2013 at 6:06 PM, Ryan Barnett <RBa...@tr...> wrote:

> From: Sergio <se...@gm...>
> Reply-To: "mod...@li..." <mod...@li...>
> Date: Tuesday, August 27, 2013 8:02 PM
> To: "mod...@li..." <mod...@li...>
> Subject: Re: [mod-security-users] Does REMOTE_ADDR directive can handle CIDR notation?
>
> Thank you, Josh!
>
> One more question, is it possible to check the @ipMatch with a file
> filled with the CIDR IPs that I want to block?
>
> https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#wiki-ipMatchFromFile
>
> -Ryan
>
> Something like this?
>
> SecRule REMOTE_ADDR "@ipMatch IPs-blacklist.txt" "phase:1,id:1,block,msg:'Blocked request due to source IP'"
>
> Right now I am using my rule:
> SecRule REMOTE_ADDR "!@pmFromFile IPs-whitelist.txt" \
> "chain,deny,nolog,id:199,rev:2,msg:'IP Match: IP is on My IPs Blacklist',severity:'3'"
> SecRule REMOTE_ADDR "@pmFromFile IPs-blacklist.txt"
>
> But I need to make it more flexible, so I can use CIDRs and that will be
> great.
>
> Regards,
>
> Sergio
>
> On Tue, Aug 27, 2013 at 1:28 PM, Josh Amishav-Zlatin <ja...@ow...> wrote:
>
>> On Tue, Aug 27, 2013 at 10:14 PM, Sergio <se...@gm...> wrote:
>>
>>> Hi all,
>>> I have a doubt, Does the REMOTE_ADDR can use CIDR notation or is it only
>>> for exact matches as the example in the reference manual?
>>>
>>> Example:
>>> SecRule REMOTE_ADDR "@ipMatch 192.168.1.101" "id:35"
>>>
>>> I will like to use a rule that can block a range of /16's IPs.
>>
>> Hi Sergio,
>>
>> The REMOTE_ADDR variable simply holds the remote address of the client.
>> The ipMatch operator does support CIDR notation. For example the following
>> rule blocks a /16 address range:
>>
>> SecRule REMOTE_ADDR "@ipMatch 10.0.0.0/16" "phase:1,id:1,block,msg:'Blocked request due to source IP'"
>>
>> --
>> - Josh
>>
>>> Thanks in advance.
>>>
>>> Regards,
>>>
>>> Sergio
>>>
>>> _______________________________________________
>>> mod-security-users mailing list
>>> mod...@li...
>>> https://lists.sourceforge.net/lists/listinfo/mod-security-users
>>> Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs:
>>> http://www.modsecurity.org/projects/commercial/rules/
>>> http://www.modsecurity.org/projects/commercial/support/
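
Added example (not part of the original thread, and not ModSecurity code): a small Python model of the deny decision in the chained whitelist/blacklist rule quoted above, comparing phrase matching as done by `@pmFromFile` with address/CIDR matching as done by `@ipMatchFromFile`. The list contents and sample addresses are constructed, and both matchers are simplified models of the operators.

```python
import ipaddress

# Constructed list contents standing in for the thread's IPs-whitelist.txt
# and IPs-blacklist.txt (one entry per line); not taken from the thread.
WHITELIST = "10.0.5.20\n"
BLACKLIST = "10.0.0.0/16\n203.0.113.7\n"

def parse_entries(text):
    """Return the non-empty, stripped lines of a list file."""
    return [line.strip() for line in text.splitlines() if line.strip()]

def phrase_match(addr, entries):
    """Simplified model of @pmFromFile: an entry matches if it occurs
    anywhere inside the address string (case-insensitive substring)."""
    return any(e.lower() in addr.lower() for e in entries)

def ip_match(addr, entries):
    """Simplified model of @ipMatchFromFile: the address must equal an
    entry or fall inside an entry's CIDR block."""
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(e, strict=False) for e in entries)

def denied(addr, match):
    """The chained rule's logic: deny when the address is NOT on the
    whitelist AND is on the blacklist."""
    whitelist = parse_entries(WHITELIST)
    blacklist = parse_entries(BLACKLIST)
    return (not match(addr, whitelist)) and match(addr, blacklist)

def compare(addresses):
    """Return (address, phrase-based verdict, CIDR-based verdict) rows."""
    return [(a, denied(a, phrase_match), denied(a, ip_match)) for a in addresses]

if __name__ == "__main__":
    samples = ["203.0.113.7", "203.0.113.70", "10.0.77.9", "10.0.5.20", "10.0.5.200"]
    for addr, by_phrase, by_cidr in compare(samples):
        print(f"{addr:<14} pmFromFile-style deny={by_phrase!s:<5} "
              f"ipMatchFromFile-style deny={by_cidr}")
```

With phrase matching, the CIDR entry never matches a client address, a listed address also matches any longer address that contains it, and a whitelist entry exempts such longer addresses too; address matching gives the intended result in all three cases.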