Re: [mod-security-users] filtering with no log
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [mod-security-users] filtering with no log
|
From: Ivan R. <iv...@we...> - 2006-02-16 13:07:44
|
David De Maeyer wrote:
> Hi all,
>
> I have installed mod_security on one of our corporate
> servers (mod_security: 1.9.2, apache: 2.0.55, OS:
> FreeBSD 6, PHP: 5.1.2) and it works fine.
>
> I first installed mod_security for its ability to log
> POST requests. This works fine for me.
>
> I was wondering if I could use it for filtering and
> rejecting all the requests which are not
> identified/addressed by/to a specific web application;
> logging only the successful requests into access.log.
>
> Say a client sends a POST request containing a
> variable "origin" to a PHP script called "test.php"
> served by the server on which mod_security is
> installed and configured.
How about this:
# deny everything quietly
SecFilterSelective REMOTE_ADDR !^$ deny,status:404,nolog
# apply special rules to /test.php only
<Location /test.php>
# start with no rules
SecFilterInheritance Off
# you did say "POST" only, right?
SecFilterSelective REQUEST_METHOD "^POST$" chain
# variable "origin" not empty
SecFilterSelective ARG_origin !^$ allow,nolog,setenv:valid_request
# deny everything else quietly
SecFilterSelective REMOTE_ADDR !^$ deny,status:404,nolog
</Location>
# Custom Apache log that logs only accepted requests
CustomLog logs/custom_access_log \
"%h %l %u %t \"%r\" %>s %b" \
env=valid_request
--
Ivan Ristic, Technical Director
Thinking Stone, http://www.thinkingstone.com
ModSecurity: Open source Web Application Firewall
|
