Re: [mod-security-users] can I do this with mod_security?
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [mod-security-users] can I do this with mod_security?
|
From: Ivan R. <iv...@we...> - 2004-01-19 23:48:29
|
Didier Wiroth wrote: > Hi, > (apache, *nix, newbie) > > As you are referring to mod_rewrite and mod_bandwidth on your homepage but I didn't exactly find these options in the doc. My purpose would be to only use mod_security and disable 3 other modules (setenvif, rewrite, bandwidth). > > I'm using mod_rewrite & mod_setenvif to do the following: > (I know it isn't secure :-), it is only for testing) > > SetEnvIfNoCase Referer "^http://www.home.local" locally_linked=1 > <FilesMatch "\.(html|gif|zip)$"> > Order Allow,Deny > Allow from env=locally_linked > </FilesMatch> > > The server asks for the referrer and denies access to the server if the referrer isn't http://www.home.local. > > 1) Can I do this with mod_security, if so, how would the syntax look like when referring to the above sample? SecFilterSelective HTTP_REFERER "!^http:/www\.home\.local" ^ this is not an error The above will deny all requests whose referrer information does not match yours. > 2) Concerning mod_bandwidth I have one additional question, is > mod_security able to do bandwidth throttling, allow max 2 simultanous > connections (which is interesting while downloading larger files, > zip files etc..) My purpose of this would be to set a download limit > of XY kb per seconds per ip and that users won't be able to start a > third download until there is one of the two download (slots) free. No, mod_security does not do any of that. -- ModSecurity (http://www.modsecurity.org) [ Open source IDS for Web applications ] |
