Re: [mod-security-users] Filter Rules by IP Address

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Sorry about that - I used the wrong env token. Use this instead -
 SecFilterSelective REMOTE_ADDR "^192\.168\.0\.94$" allow
 Also, just use "allow" at the end. This should tell mod_security to allow
the request and to not apply and other filters.
 If it is still getting blocked by another filter, check the debug log file
Looking at your conf file, you need to turn this on (0 does no logging). Se=
t
this log level to 9 if you want the most verbose info. -
 # You normally won't need debug logging
SecFilterDebugLevel 9
SecFilterDebugLog logs/modsec_debug_log

--
Ryan C. Barnett
Web Application Security Consortium (WASC) Member
CIS Apache Benchmark Project Lead
SANS Instructor: Securing Apache
GCIA, GCFA, GCIH, GSNA, GCUX, GSEC
Author: Preventing Web Attacks with Apache
 On 10/25/05, Naveen Amradi <na...@gm...> wrote:
>
> HI Ryan,
>   I appreciate your quick response and help.
>  I am still not able to configure it properly.
> Just like u said i added
>
> SecFilterSelective REMOTE_HOST "^192\.168\.0\.94$" allow,pass
>  I tried putting it right below the SecFilterEnging and other places too.
> And i am getting this error in the log file. Maybe i am missing something=
.
>
> UNIQUE_ID: xv7hbIJKVE8AAFQjVXYAAAAE
> Request: 196.168.0.94 <http://196.168.0.94/> - - [25/Oct/2005:11:39:02
> --0500] "GET /study_abroad/TMPzad38oxcyx.htm HTTP/1.1" 403 232
> Handler: server-parsed
> ----------------------------------------
> GET /study_abroad/TMPzad38oxcyx.htm HTTP/1.1
> User-Agent: Contribute
> Host: www.outreach.olemiss.edu <http://www.outreach.olemiss.edu/>
> Cookie:
> phpbb2mysql_data=3Da%3A2%3A%7Bs%3A11%3A%22autologinid%22%3Bs%3A0%3A%22%22=
%3Bs%3A6%3A%22userid%22%3Bs%3A1%3A%223%22%3B%7D;
> PHPSESSID=3D59ded4be35990378545d942f2a11c0f9
> mod_security-message: Access denied with code 403. Pattern match "/tmp" a=
t
> THE_REQUEST
> mod_security-action: 403
>
> HTTP/1.1 403 Forbidden
> Content-Length: 232
>
> Could you help me?And Just for info i am trying to configure Macromedia
> Contribute.
>
> Thanks a lot,
>
> naveen
>
>  On 10/25/05, Ryan Barnett <rcb...@gm...> wrote:
> >
> > Naveen,
> > Think of the mod_security directives (SecFilter|SecFilterSelective) as
> > you would firewall rules in that the order in which they are specified =
in
> > the httpd.conf file does matter. Again, like firewall rules, once a
> > filter matches the incoming HTTP request it will trigger the actions
> > specified. With this being said, if you want to "whitelist" an IP addre=
ss to
> > allow this client access, then add in a rule like this near the top of =
your
> > Mod_Security directives -
> >  SecFilterSelective REMOTE_HOST "^192\.168\.1\.100$" allow,pass
> >  Add this just below the mod_security general directives (such as
> > SecFilterEngine, etc....).
> >  That should do it.
> >
> > --
> > Ryan C. Barnett
> > Web Application Security Consortium (WASC) Member
> > CIS Apache Benchmark Project Lead
> > SANS Instructor: Securing Apache
> > GCIA, GCFA, GCIH, GSNA, GCUX, GSEC
> > Author: Preventing Web Attacks with Apache
> >   On 10/25/05, Naveen Amradi <na...@gm... > wrote:
> > >
> > > HI All,
> > >
> > > Newbie of ModSecurity. I was wondering is there a way to
> > > open up rules for certain ip addresses.
> > >
> > > Thanks a gazillion!
> > > Naveen
> >
> >
> >
> >
> >
>