Re: [mod-security-users] Filter Rules by IP Address
Brought to you by:
victorhora,
zimmerletw
From: Naveen A. <na...@gm...> - 2005-10-25 17:59:30
|
Just curious, Can i allow a full subnet like this SecFilterSelective REMOTE_ADDR ^196.168.0.*$ allow. I will give it a try. Thanks, naveen On 10/25/05, Naveen Amradi <na...@gm...> wrote: > SecFilterSelective REMOTE_ADDR ^196.168.0.94$ allow > worked. I tried that before Ryan replied but with allow,pass. > So i guess wiht pass in it, it was allowing the IP address but still > applying the other rules. > > I really appreciate your help guys. > > > Thanks a lot, > Naveen > > On 10/25/05, Ryan Barnett <rcb...@gm...> wrote: > > Sorry about that - I used the wrong env token. Use this instead - > > > > SecFilterSelective REMOTE_ADDR "^192\.168\.0\.94$" allow > > > > Also, just use "allow" at the end. This should tell mod_security to al= low > > the request and to not apply and other filters. > > > > If it is still getting blocked by another filter, check the debug log f= ile > > Looking at your conf file, you need to turn this on (0 does no logging)= . > > Set this log level to 9 if you want the most verbose info. - > > > > # You normally won't need debug logging > > SecFilterDebugLevel 9 > > SecFilterDebugLog logs/modsec_debug_log > > > > -- > > Ryan C. Barnett > > Web Application Security Consortium (WASC) Member > > CIS Apache Benchmark Project Lead > > SANS Instructor: Securing Apache > > GCIA, GCFA, GCIH, GSNA, GCUX, GSEC > > > > Author: Preventing Web Attacks with Apache > > > > On 10/25/05, Naveen Amradi <na...@gm...> wrote: > > > > > > HI Ryan, > > > > > > I appreciate your quick response and help. > > > I am still not able to configure it properly. > > > Just like u said i added > > > > > > SecFilterSelective REMOTE_HOST "^192\.168\.0\.94$" allow,pass > > > > > > I tried putting it right below the SecFilterEnging and other places t= oo. > > And i am getting this error in the log file. Maybe i am missing somethi= ng. > > > > > > > > > UNIQUE_ID: xv7hbIJKVE8AAFQjVXYAAAAE > > > Request: 196.168.0.94 - - [25/Oct/2005:11:39:02 --0500] "GET > > /study_abroad/TMPzad38oxcyx.htm HTTP/1.1" 403 232 > > > Handler: server-parsed > > > ---------------------------------------- > > > GET /study_abroad/TMPzad38oxcyx.htm HTTP/1.1 > > > User-Agent: Contribute > > > Host: www.outreach.olemiss.edu > > > Cookie: > > phpbb2mysql_data=3Da%3A2%3A%7Bs%3A11%3A%22autologinid%22%3Bs%3A0%3A%22%= 22%3Bs%3A6%3A%22userid%22%3Bs%3A1%3A%223%22%3B%7D; > > PHPSESSID=3D59ded4be35990378545d942f2a11c0f9 > > > mod_security-message: Access denied with code 403. Pattern match "/tm= p" at > > THE_REQUEST > > > mod_security-action: 403 > > > > > > HTTP/1.1 403 Forbidden > > > Content-Length: 232 > > > > > > Could you help me?And Just for info i am trying to configure Macromed= ia > > Contribute. > > > > > > Thanks a lot, > > > > > > naveen > > > > > > > > > On 10/25/05, Ryan Barnett <rcb...@gm... > wrote: > > > > > > > > > > > Naveen, > > > > Think of the mod_security directives (SecFilter|SecFilterSelective)= as > > you would firewall rules in that the order in which they are specified = in > > the httpd.conf file does matter. Again, like firewall rules, once a fi= lter > > matches the incoming HTTP request it will trigger the actions specified= . > > With this being said, if you want to "whitelist" an IP address to allow= this > > client access, then add in a rule like this near the top of your > > Mod_Security directives - > > > > > > > > SecFilterSelective REMOTE_HOST "^192\.168\.1\.100$" allow,pass > > > > > > > > Add this just below the mod_security general directives (such as > > SecFilterEngine, etc....). > > > > > > > > That should do it. > > > > > > > > -- > > > > Ryan C. Barnett > > > > Web Application Security Consortium (WASC) Member > > > > CIS Apache Benchmark Project Lead > > > > SANS Instructor: Securing Apache > > > > GCIA, GCFA, GCIH, GSNA, GCUX, GSEC > > > > Author: Preventing Web Attacks with Apache > > > > > > > > > > > > On 10/25/05, Naveen Amradi <na...@gm... > wrote: > > > > > HI All, > > > > > > > > > > Newbie of ModSecurity. I was wondering is there a way to > > > > > open up rules for certain ip addresses. > > > > > > > > > > Thanks a gazillion! > > > > > Naveen > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > |