[mod-security-users] Create rule to manually manipulate a collection
From: Paul B. <pau...@ou...> - 2020-10-20 13:02:45
I'm currently trying to work out if there is a way I can manually manipulate a collection, and also use this to enable two or more Apache servers to interact with each other, so that IP deny lists could be synchronised with each other. I'm starting from looking at the CRS Denial-of-service rule. I'd like to be able to manually add or remove an IP from the list.

My current thoughts were to use some administrative URLs (appropriately authenticated / protected):

<protocol>://<host>/ip/block/<ip>
<protocol>://<host>/ip/unblock/<ip>

And have ModSecurity rules capture the IP out of the URL (or from a POST parameter), and use this to manipulate the IP collection. I've been trying unsuccessfully to find any examples of doing something like this. There seem to be two main challenges, which I'm not sure if there's a way to achieve:

1) Using ModSecurity (or other Apache module) capture the IP from the URL (or another element, e.g. POST parameter of the request)
2) Use captured IP value to manipulate ip.dos_block (using captured value rather than the requesting IP)

I'm assuming that to create the synchronisation between two or more servers I'd then have to create a rule using Lua to GET/POST request to the other servers.

Any help would be greatly appreciated.

Thanks,
Paul
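One way to express the two pieces above (capture the address from the URL, then act on that address's collection instead of REMOTE_ADDR) as ModSecurity 2.x rules for Apache 2.4; this is an added example, not from the thread or the CRS project. The rule ids, the /ip/ path, the 10.0.0.0/8 admin network and the SecDataDir path are assumptions, and the ip collection key must match whatever your rule set's DoS rule uses (recent CRS releases key it on more than the bare address).

```apache
# Persistent collections need a storage directory (assumed path).
SecDataDir /var/cache/modsecurity

# Keep the admin endpoints off the public Internet before any rule runs
# (assumed admin network; add real authentication as appropriate).
<Location "/ip/">
    Require ip 10.0.0.0/8
</Location>

# Load this file BEFORE the CRS includes: a named collection is only
# initialised once per transaction, so a later initcol:ip in the rule set
# would otherwise already have been bound to the requesting address.

# 1) Capture action and target address from the URL into TX variables.
#    TX.1 = block|unblock, TX.2 = dotted-quad IPv4 (IPv6 not handled here).
SecRule REQUEST_URI "@rx ^/ip/(block|unblock)/(\d{1,3}(?:\.\d{1,3}){3})$" \
    "id:900100,phase:1,pass,nolog,capture,\
    setvar:tx.ip_action=%{TX.1},\
    setvar:tx.target_ip=%{TX.2}"

# 2a) Open the ip collection keyed on the CAPTURED address and set the
#     same variable the DoS rule checks. Assumed 10-minute expiry.
SecRule TX:ip_action "@streq block" \
    "id:900101,phase:1,pass,nolog,\
    initcol:ip=%{tx.target_ip},\
    setvar:ip.dos_block=1,\
    expirevar:ip.dos_block=600"

# 2b) Unblock: open the same collection and remove the variable.
SecRule TX:ip_action "@streq unblock" \
    "id:900102,phase:1,pass,nolog,\
    initcol:ip=%{tx.target_ip},\
    setvar:!ip.dos_block"

# Answer the admin call here; the backend never sees it. Changes are
# persisted in the logging phase, which still runs after a deny.
SecRule TX:ip_action "@rx ^(block|unblock)$" \
    "id:900103,phase:1,deny,status:204,log,\
    msg:'Manual ip.dos_block %{tx.ip_action} for %{tx.target_ip}'"
```

Verify with a request to /ip/block/<ip> from the admin network, then inspect the collection with the SecDataDir tooling (for example the collection dump utility shipped with ModSecurity) to confirm dos_block is set under the expected key.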