Re: [mod-security-users] 2 newbie questions ...
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [mod-security-users] 2 newbie questions ...
|
From: Ivan R. <iv...@we...> - 2006-03-20 20:16:19
|
Thomas Fuerle wrote:
> Hi list,
>
> 1.) reduced access_log
>
> I wonder if there is chance to configure mod_security, that filtered
> requests does not show up in the access_log. I would like to see
> something like
The following will *not* log filtered requests:
CustomLog logs/modsec_custom_log \
"%h %l %u %t \"%r\" %>s %b %{mod_security-message}i" \
env=!mod_security-relevant
> 2.) block everything but ...
>
> I would like to issue a positive list like block everything but. It
> looks like this ...
>
> SecFilter .jsp "nolog,allow"
> SecFilter /robots.txt "nolog,allow"
> SecFilter !.do
You're close but this is better:
SecFilterSelective SCRIPT_FILENAME \.jsp$ "nolog,allow"
But you'll need further chained rules to verify the
parameters are correct and do not contain attacks, no?
--
Ivan Ristic, Technical Director
Thinking Stone, http://www.thinkingstone.com
ModSecurity: Open source Web Application Firewall
Apache Security (O'Reilly): http://www.apachesecurity.net
|
