Re: [mod-security-users] Filter Rules by IP Address
From: Jeffrey K. <jef...@gm...> - 2005-10-25 13:02:41
Ryan:

Just to follow up on your comment about firewall rules: In the case of a high volume/high traffic site, would rules for specific IP addresses -- say, a couple particularly bad spammers -- be better handled at the IP tables level so that the hits don't even get far enough to cause load on Apache (and mod_security)?

-Jeff

Jeffrey Knight
Oceansuit Information Systems, LLC
www.oceansuit.com

On 10/25/05, Ryan Barnett <rcb...@gm...> wrote:
> Naveen,
> Think of the mod_security directives (SecFilter|SecFilterSelective) as you
> would firewall rules in that the order in which they are specified in the
> httpd.conf file does matter. Again, like firewall rules, once a filter
> matches the incoming HTTP request it will trigger the actions specified.
> With this being said, if you want to "whitelist" an IP address to allow this
> client access, then add in a rule like this near the top of your
> Mod_Security directives -
>
> SecFilterSelective REMOTE_HOST "^192\.168\.1\.100$" allow,pass
>
> Add this just below the mod_security general directives (such as
> SecFilterEngine, etc....).
>
> That should do it.
>
> --
> Ryan C. Barnett
> Web Application Security Consortium (WASC) Member
> CIS Apache Benchmark Project Lead
> SANS Instructor: Securing Apache
> GCIA, GCFA, GCIH, GSNA, GCUX, GSEC
> Author: Preventing Web Attacks with Apache
>
>
> On 10/25/05, Naveen Amradi <na...@gm...> wrote:
> > HI All,
> >
> > Newbie of ModSecurity. I was wondering is there a way to
> > open up rules for certain ip addresses.
> >
> > Thanks a gazillion!
> > Naveen
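The ordering point made in the thread, as an added example that is not part of any message and is not ModSecurity's own code: a simplified Python model of top-to-bottom rule evaluation, showing the quoted whitelist rule taking effect only when it precedes a blocking filter. The `/admin` filter, the request values and the verdict strings are constructed for illustration, and the evaluation semantics are an assumption based on the description above.

```python
import re

# Simplified model (an assumption, not ModSecurity source code) of ordered
# rule evaluation: rules run top to bottom, "allow" ends processing and lets
# the request through, "deny" rejects it, anything else falls through.
RULE_RE = re.compile(r'^SecFilterSelective\s+(\S+)\s+"([^"]*)"\s+(\S+)$')

def parse_rules(conf_text):
    """Return [(variable, compiled_regex, [actions])] in file order."""
    rules = []
    for line in conf_text.splitlines():
        m = RULE_RE.match(line.strip())
        if m:
            var, pattern, actions = m.groups()
            rules.append((var, re.compile(pattern), actions.split(",")))
    return rules

def evaluate(rules, request):
    """Walk rules in order; the first matching allow or deny decides."""
    for var, regex, actions in rules:
        if regex.search(request.get(var, "")):
            if "allow" in actions:
                return "allowed by whitelist"
            if "deny" in actions:
                return "denied"
    return "passed all rules"

WHITELIST = r'SecFilterSelective REMOTE_HOST "^192\.168\.1\.100$" allow,pass'
# Constructed content filter, for illustration only.
CONTENT = 'SecFilterSelective REQUEST_URI "/admin" deny,log'

WHITELIST_FIRST = WHITELIST + "\n" + CONTENT
WHITELIST_LAST = CONTENT + "\n" + WHITELIST

def verdict(conf_text, host, uri):
    return evaluate(parse_rules(conf_text), {"REMOTE_HOST": host, "REQUEST_URI": uri})

if __name__ == "__main__":
    for name, conf in (("first", WHITELIST_FIRST), ("last", WHITELIST_LAST)):
        for host in ("192.168.1.100", "192.168.1.101"):
            print(name, host, verdict(conf, host, "/admin/login"))
```

With the whitelist rule last, the deny filter matches first and the whitelisted client is rejected; the anchored, dot-escaped pattern also keeps the neighbouring address 192.168.1.101 from being whitelisted.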