[mod-security-users] Getting first SecSelectiveFilter to work
From: <Ral...@it...> - 2006-02-22 18:32:30
Hello,

after having read about mod_security in O'Reilly's APACHE SECURITY I downloaded, installed and integrated the module into our webserver. This was all very easy. However, now I even fail to get the most basic filter to work.

Before I can establish any useful filters I need to convince myself that I understood their concept and syntax correctly. As a Perl fan I would assume that I have a basic knowledge of Perl's regexes, and the mod_security doc claims it to be PCRE capable.

For instance, just to get started I loaded mod_status and collect from the /server-status?auto URI the scoreboard, where I have a cronjob counting the various chars to be fed to Munin stats for its neat rrdgraph-ing. This is done by a simple LWP request that has the HTTP header modified to give a User-Agent: token similar to "$(uname -n)-status".

Although that <Location> has an Allow from IP range restriction, it would further soothe paranoia if one could parse for an allowed user agent (admittedly, this wouldn't require mod_security I guess).

When I add a line like this to my mod_security.conf file (n.b. Include-d in httpd.conf within a <IfDefined SEC> block)

    SecFilterSelective HTTP_Header /agent:?\s*(?:hostA|hostB)-status/i log,pass

and send the master httpd a SIGHUP (i.e. apachectl graceful, which earlier started with -DSEC), and then again run my server-status request, nothing gets logged as the filter doesn't seem to work.

I changed other directives such as e.g. SecServerSignature just to verify that my tinkering gets recognized at all, and the latter one works if the ServerToken is reset to Full.

Btw, it would be a nice feature if one could place an exec action next to SecServerSignature to sort of get "randomized" server signatures (e.g. day of week or similar).

Rgds
Ralph