Re: [mod-security-users] Filter Rules by IP Address
Brought to you by:
victorhora,
zimmerletw
From: Naveen A. <na...@gm...> - 2005-10-25 17:02:32
|
Chris, I have attached my conf file. WOuld you please look at it. I have placed the rule right below the SecFilterEngine. In that case wont that rule be higher than other ones. Maybe i am sounding dumb. I am trying to read the book and understand slowly. I would appreciate if you can look at the conf file. Everyone on this list is so active helpful. Thanks a lot, naveen On 10/25/05, Christopher Murley <mu...@to...> wrote: > > HI Naveen, your problem isn't with the IP rule you created. You error was= : > > mod_security-message: Access denied with code 403. Pattern match "/tmp" a= t > THE_REQUEST > > > The request you sent: > > GET /study_abroad/TMPzad38oxcyx.htm HTTP/1.1" 403 232 > > has /TMP (lowercased) /tmp in it. You must have another rule higher in > your chain thats disallowing URLS referencing /tmp. > > -- > Regards, > > -Chris > > _______________________________________________ > Christopher Murley > Network Administrator > TownNews.Com > 800.293.9576 > > Naveen Amradi said: > > HI Ryan, > > I appreciate your quick response and help. > > I am still not able to configure it properly. > > Just like u said i added > > > > SecFilterSelective REMOTE_HOST "^192\.168\.0\.94$" allow,pass > > I tried putting it right below the SecFilterEnging and other places too= . > > And i am getting this error in the log file. Maybe i am missing > something. > > > > UNIQUE_ID: xv7hbIJKVE8AAFQjVXYAAAAE > > Request: 196.168.0.94 <http://196.168.0.94> <http://196.168.0.94> - - > [25/Oct/2005:11:39:02 > > --0500] "GET /study_abroad/TMPzad38oxcyx.htm HTTP/1.1" 403 232 > > Handler: server-parsed > > ---------------------------------------- > > GET /study_abroad/TMPzad38oxcyx.htm HTTP/1.1 > > User-Agent: Contribute > > Host: www.outreach.olemiss.edu <http://www.outreach.olemiss.edu> < > http://www.outreach.olemiss.edu/> > > Cookie: > > > phpbb2mysql_data=3Da%3A2%3A%7Bs%3A11%3A%22autologinid%22%3Bs%3A0%3A%22%22= %3Bs%3A6%3A%22userid%22%3Bs%3A1%3A%223%22%3B%7D; > > PHPSESSID=3D59ded4be35990378545d942f2a11c0f9 > > mod_security-message: Access denied with code 403. Pattern match "/tmp" > at > > THE_REQUEST > > mod_security-action: 403 > > > > HTTP/1.1 403 Forbidden > > Content-Length: 232 > > > > Could you help me?And Just for info i am trying to configure Macromedia > > Contribute. > > > > Thanks a lot, > > > > naveen > > > > On 10/25/05, Ryan Barnett <rcb...@gm...> wrote: > >> > >> Naveen, > >> Think of the mod_security directives (SecFilter|SecFilterSelective) as > >> you > >> would firewall rules in that the order in which they are specified in > >> the > >> httpd.conf file does matter. Again, like firewall rules, once a filter > >> matches the incoming HTTP request it will trigger the actions > specified. > >> With this being said, if you want to "whitelist" an IP address to allo= w > >> this > >> client access, then add in a rule like this near the top of your > >> Mod_Security directives - > >> SecFilterSelective REMOTE_HOST "^192\.168\.1\.100$" allow,pass > >> Add this just below the mod_security general directives (such as > >> SecFilterEngine, etc....). > >> That should do it. > >> > >> -- > >> Ryan C. Barnett > >> Web Application Security Consortium (WASC) Member > >> CIS Apache Benchmark Project Lead > >> SANS Instructor: Securing Apache > >> GCIA, GCFA, GCIH, GSNA, GCUX, GSEC > >> Author: Preventing Web Attacks with Apache > >> On 10/25/05, Naveen Amradi <na...@gm...> wrote: > >> > > >> > HI All, > >> > > >> > Newbie of ModSecurity. I was wondering is there a way to > >> > open up rules for certain ip addresses. > >> > > >> > Thanks a gazillion! > >> > Naveen > >> > >> > >> > >> > >> > > > > |