[mod-security-users] RE: Mod_security question
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
[mod-security-users] RE: Mod_security question
|
From: Spence, I. (ELS-CAM) <I.S...@El...> - 2005-03-01 16:39:30
|
Ivan Our target platform is Windows server. Given the download page states testing has stopped for Windows would you advise on deploying 1.9 codebase on Windows? I am very interesting in deploying your suggested enhancement "SecFilterExternal". Ian Spence -----Original Message----- From: Ivan Ristic [mailto:iv...@we...] Sent: 01 March 2005 15:04 To: Spence, Ian (ELS-CAM) Cc: mod...@li... Subject: Re: Mod_security question Spence, Ian (ELS-CAM) wrote: > Ivan > > Can mod_security check on a token parameter in the URL? > > E.g. _http://server/app?token=digestTokenValue_ > > I want the receiving web server to check the token value against an > agreed algorithm, for a start it will be MD5 digested. > > I notice with the mod_security rules you can trap on certain parameter > values i.e. regex, but given a match can you run a script and then > depending on the result of the script, either reject or accept the > http request. Yes, mod_security can do that. I've added that functionality to the 1.9.x branch, so far only in the Apache 1.x version of the module. The new directive is called SecFilterExternal and it takes only one parameter - the name of the script to execute. The script will get the path to the file containing request parameters (only that at the moment) as its first parameter. Here's an example of a script that uses this feature to interface to SpamAssassin: http://cvs.sourceforge.net/viewcvs.py/mod-security/mod_security/util/filter_ spamc.pl?rev=1.1&view=auto This functionality is still rough and I plan to change the data exchange format before the final 1.9.x. version (e.g. to include the request headers). But it works and you can play with it in the meantime. -- Ivan Ristic Apache Security (O'Reilly) - http://www.apachesecurity.net Open source web application firewall - http://www.modsecurity.org |
