Re: [mod-security-users] Filter Rules by IP Address
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [mod-security-users] Filter Rules by IP Address
|
From: Ryan B. <rcb...@gm...> - 2005-10-25 11:38:16
|
Naveen, Think of the mod_security directives (SecFilter|SecFilterSelective) as you would firewall rules in that the order in which they are specified in the httpd.conf file does matter. Again, like firewall rules, once a filter matches the incoming HTTP request it will trigger the actions specified. With this being said, if you want to "whitelist" an IP address to allow thi= s client access, then add in a rule like this near the top of your Mod_Security directives - SecFilterSelective REMOTE_HOST "^192\.168\.1\.100$" allow,pass Add this just below the mod_security general directives (such as SecFilterEngine, etc....). That should do it. -- Ryan C. Barnett Web Application Security Consortium (WASC) Member CIS Apache Benchmark Project Lead SANS Instructor: Securing Apache GCIA, GCFA, GCIH, GSNA, GCUX, GSEC Author: Preventing Web Attacks with Apache On 10/25/05, Naveen Amradi <na...@gm...> wrote: > > HI All, > > Newbie of ModSecurity. I was wondering is there a way to > open up rules for certain ip addresses. > > Thanks a gazillion! > Naveen |
