Re: [mod-security-users] [Fwd: Question about ModSecurity on a Reverse proxy]
From: Ivan R. <iv...@we...> - 2005-03-16 16:14:37
Geoffroy Raimbault:
>
> I have a small problem using Modsecurity on a reverse proxy with apache2
> filtering on CGI variables. It seems that some variables like
> REQUEST_FILENAME or SCRIPT_FILENAME are changed by mod_proxy before
> being filtered by mod_security.
>
>
> For example, in trying to filter the access to files having an ".inc"
> extension with the filter :
>
> SecFilterSelective REQUEST_FILENAME ".inc$"

This should be "\.inc$", BTW.

> But, looking in the modsecurity debug log, we can see that it tries the
> filter on a modified REQUEST_FILENAME :
>
> """"
> [09/Mar/2005:18:39:20 +0100]
> [www.site11.com/sid#8166dd8][rid#81bc3f8][/config.inc] Checking
> signature "\\.inc$" at REQUEST_FILENAME
> [09/Mar/2005:18:39:20 +0100]
> [www.site11.com/sid#8166dd8][rid#81bc3f8][/config.inc] Checking against
> "proxy:http://192.168.20.151/config.inc?test=1"
> """"

Yes, that's how Apache handles proxying internally.

> Maybe there is something to do with the module ordering process of
> Apache 2 to solve the problem ?

No, I don't think so. And in Apache 2 the module ordering process
is handled internally so you can't influence it.

But if the target resource is on another server then I think
you should not try to use the REQUEST_FILENAME variable. Try
something else, for example, use REQUEST_URI and \.

SecFilterSelective REQUEST_URI (\.inc$|\.inc\?)

>
> Geoffroy

--
Ivan Ristic
Apache Security (O'Reilly) - http://www.apachesecurity.net
Open source web application firewall - http://www.modsecurity.org
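
Added example, not part of the original message: a small check of the three patterns from this thread against the value shown in the debug log and against a few constructed REQUEST_URI samples. It assumes Python's `re` as a stand-in for the regex engine behind SecFilterSelective (the patterns use only syntax common to both) and that REQUEST_URI carries the path plus query string, as the suggested pattern implies.

```python
import re

# Patterns quoted in the thread.
ORIGINAL = r".inc$"               # as first posted (dot not escaped)
ESCAPED = r"\.inc$"               # with the correction from the reply
SUGGESTED = r"(\.inc$|\.inc\?)"   # suggested for use with REQUEST_URI

# Value the debug log shows being checked for REQUEST_FILENAME.
PROXIED_FILENAME = "proxy:http://192.168.20.151/config.inc?test=1"

# Constructed REQUEST_URI samples (assumption: path plus query string).
SAMPLE_URIS = [
    "/config.inc",            # plain request for the include file
    "/config.inc?test=1",     # same file with a query string
    "/index.php?page=about",  # unrelated request
    "/docs/include.html",     # contains "inc" but no ".inc"
    "/zinc",                  # only the unescaped dot matches this
    "/page.php?file=a.inc",   # parameter value ending in ".inc"
]


def matches(pattern, value):
    """Unanchored search, the way a filter pattern is applied to a variable."""
    return re.search(pattern, value) is not None


def evaluate(pattern, values):
    """Return {value: matched} so rule coverage can be compared side by side."""
    return {value: matches(pattern, value) for value in values}


def report():
    """Build a printable table of every pattern against every sample."""
    lines = []
    for name, pattern in (("ORIGINAL", ORIGINAL), ("ESCAPED", ESCAPED),
                          ("SUGGESTED", SUGGESTED)):
        for value, hit in evaluate(pattern, [PROXIED_FILENAME] + SAMPLE_URIS).items():
            lines.append(f"{name:9} {'MATCH' if hit else 'miss ':5} {value}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report())
```

The last sample shows that the `\.inc$` branch also fires when a query parameter value ends in ".inc", which is worth knowing when reading the audit log for this rule.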