Re: [mod-security-users] inclusive filter rule set "default deny all mode"
From: Ivan R. <iv...@we...> - 2006-04-09 18:56:03
joe barbish wrote:
> I tried this to list all the application files
>
> SecFilterSelective SCRIPT_FILENAME "!^00.00_Header.htm"
> SecFilterSelective SCRIPT_FILENAME "!^00.00_Header.php"
> SecFilterSelective SCRIPT_FILENAME "!^00.00-web_style_sheet.css"
> SecFilterSelective SCRIPT_FILENAME "!^99.00-mls_ home_page_count.php"
> SecFilterSelective SCRIPT_FILENAME "!^background5.jpg"
> SecFilterSelective SCRIPT_FILENAME "!^background6.jpg"
> SecFilterSelective SCRIPT_FILENAME "!^background7.jpg"
>
> and the first rule terminates everything.
Joe,
A very useful ModSecurity feature called debug logging allows
you to learn about how rules are processed. Since you are new
to ModSecurity you need to turn debug logging on, set debug
log level to 9, and observe what happens as you experiment.
Here are some tips:
* A dot is a metacharacter in regular expressions. You
need to write it as \.
* SCRIPT_FILENAME contains a full path to the
file. Your rules only look at the base name. So you
need to anchor the regular expression at the end:
"!background\.jpg$"
Even better, use SCRIPT_BASENAME with 1.9.3-rc2 or better.
This variable contains only the basename, which is what
you seem to want.
> There are a lot more than 7
> files, so tried this
>
> SecFilterSelective SCRIPT_FILENAME "!^(00.00_Header.htm
> |00.00_Header.php
> |00.00-web_style_sheet.css
> |99.00-mls_ home_page_count.php
> |background5.jpg
> |background6.jpg
> |background7.jpg
> |background8.jpg
> |button.php
> |class.phpmailer.php
> |index.htm)$"
>
> and got a syntax error on this !^(
You have to let the parser know the next line is a continuation
of the directive. Apache supports using "\" as the last character on
the line for this purpose.
--
Ivan Ristic, Technical Director
Thinking Stone, http://www.thinkingstone.com
ModSecurity: Open source Web Application Firewall
Apache Security (O'Reilly): http://www.apachesecurity.net
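The points Ivan makes (the unescaped dot, the missing end anchor, SCRIPT_FILENAME carrying the full path, and the backslash continuation), simulated as an added example that is not part of the original thread and not ModSecurity's own code. Python's re module stands in for PCRE here, which is safe for these simple patterns; the /var/www/html prefix and the subset of file names are constructed from the thread, and the join_continuations helper is an assumption about how Apache reads a backslash-continued line, not httpd's own parser.

```python
"""Simulate how the SCRIPT_FILENAME / SCRIPT_BASENAME allow-list rules from the
thread match, and render the corrected directive with backslash continuations.
Added example: file names are a constructed subset of the ones quoted in the
thread; the /var/www/html prefix is an assumption."""
import re
from posixpath import basename

# Constructed allow list (subset of the names quoted in the thread).
ALLOWED_FILES = [
    "00.00_Header.htm",
    "00.00_Header.php",
    "00.00-web_style_sheet.css",
    "background5.jpg",
    "background6.jpg",
    "background7.jpg",
    "index.htm",
]


def naive_matches(name, script_filename):
    """The original rule's pattern: unescaped dots, anchored only at the start,
    applied to the full path held in SCRIPT_FILENAME."""
    return re.match("^" + name, script_filename) is not None


def build_allowlist(names):
    """One alternation with metacharacters escaped and both ends anchored."""
    return re.compile("^(" + "|".join(re.escape(n) for n in names) + ")$")


ALLOW = build_allowlist(ALLOWED_FILES)


def is_allowed(script_filename):
    """True when the basename of the requested script is on the list.  In the
    rule the regex is negated with '!', so a non-match is what fires the rule."""
    return ALLOW.match(basename(script_filename)) is not None


def render_directive(names, variable="SCRIPT_BASENAME"):
    """Render the directive as one Apache logical line split with trailing
    backslashes, one alternative per physical line."""
    parts = [re.escape(n) for n in names]
    if len(parts) == 1:
        return f'SecFilterSelective {variable} "!^({parts[0]})$"'
    lines = [f'SecFilterSelective {variable} "!^({parts[0]}\\']
    lines += [f"|{p}\\" for p in parts[1:-1]]
    lines.append(f'|{parts[-1]})$"')
    return "\n".join(lines)


def join_continuations(text):
    """Assumed model of Apache's config reader: a trailing backslash joins the
    next physical line, with the continuation's leading whitespace dropped."""
    return re.sub(r"\\\n\s*", "", text)


def pattern_from_directive(directive):
    """Extract the quoted regex from a joined SecFilterSelective line, drop the
    leading '!' negation, and compile it."""
    quoted = re.search(r'"(.*)"$', directive).group(1)
    return re.compile(quoted.lstrip("!"))


if __name__ == "__main__":
    full_path = "/var/www/html/00.00_Header.htm"
    # The naive pattern never matches the full path, so every request is denied.
    print("naive vs full path:", naive_matches("00.00_Header.htm", full_path))
    # Unescaped dots also accept unrelated names.
    print("naive vs 00x00_Header_htm:",
          naive_matches("00.00_Header.htm", "00x00_Header_htm"))
    print("allow-list vs full path:", is_allowed(full_path))
    print("allow-list vs .bak copy:", is_allowed(full_path + ".bak"))
    print(render_directive(ALLOWED_FILES))
```

The rendered directive is what the second half of the thread is after: one SecFilterSelective line for the whole list, readable to Apache only because each alternative ends in a backslash. Running join_continuations over it and compiling the result is a quick way to confirm the pattern that reaches ModSecurity is the one you meant before turning debug log level 9 on.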