Re: [mod-security-users] inclusive filter rule set "default deny all mode"
From: joe b. <joe...@ya...> - 2006-04-09 22:44:51
I added debug level 9 and got a little better understanding of what is happening. In testing I got this rule to work.

SecFilterSelective REQUEST_URI "!^(/mls_fsbo_signup.php|/00.00-web_style_sheet.css|/button.php)$"

Still the problem is I have 54 scripts to include in this rule and the rule will not get clean syntax if I code it with one script name per continued line. I am running version 1.9.2. How can I continue a rule across many lines?

Would coding the rules this way work?

SecFilterSelective REQUEST_URI "!^/mls_fsbo_signup.php"
plus
SecFilterSelective REQUEST_URI "!^/0.00-web_style_sheet.css"
plus
SecFilterSelective REQUEST_URI "!^/button.php"

do the trick

Ivan Ristic <iv...@we...> wrote:

joe barbish wrote:
> I tried this to list all the application files
>
> SecFilterSelective SCRIPT_FILENAME "!^00.00_Header.htm"
> SecFilterSelective SCRIPT_FILENAME "!^00.00_Header.php"
> SecFilterSelective SCRIPT_FILENAME "!^00.00-web_style_sheet.css"
> SecFilterSelective SCRIPT_FILENAME "!^99.00-mls_ home_page_count.php"
> SecFilterSelective SCRIPT_FILENAME "!^background5.jpg"
> SecFilterSelective SCRIPT_FILENAME "!^background6.jpg"
> SecFilterSelective SCRIPT_FILENAME "!^background7.jpg"
>
> and first rule terminates everything.

Joe,

A very useful ModSecurity feature called debug logging allows you to learn about how rules are processed. Since you are new to ModSecurity you need to turn debug logging on, set debug log level to 9, and observe what happens as you experiment. Here are some tips:

* A dot is a metacharacter in regular expressions. You need to write it as \.

* SCRIPT_FILENAME contains a full path to the file. Your rules only look at the base name. So you need to anchor the regular expression at the end: "!background\.jpg$" Even better, use SCRIPT_BASENAME with 1.9.3-rc2 or better. This variable contains only the basename, which is what you seem to want.

> There are a lot more than 7 files, so tried this
>
> SecFilterSelective SCRIPT_FILENAME "!^(00.00_Header.htm
> |00.00_Header.php
> |00.00-web_style_sheet.css
> |99.00-mls_ home_page_count.php
> |background5.jpg
> |background6.jpg
> |background7.jpg
> |background8.jpg
> |button.php
> |class.phpmailer.php
> |index.htm)$"
>
> and got syntax error on this !^(

You have to let the parser know the next line is a continuation of the directive. Apache supports using "\" as the last character on the line for this purpose.

-- 
Ivan Ristic, Technical Director
Thinking Stone, http://www.thinkingstone.com
ModSecurity: Open source Web Application Firewall
Apache Security (O'Reilly): http://www.apachesecurity.net
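The following is an added example, not code from this thread or from the ModSecurity project. It generates the single allowlist rule the thread converges on (dots escaped, pattern anchored at both ends, one file name per line joined with Apache's trailing-backslash continuation) and then simulates how ModSecurity 1.x evaluates negated SecFilterSelective patterns, using Python's re module as a stand-in for the PCRE engine (the two agree on a pattern this simple). The file names are constructed stand-ins for the 54 scripts, REQUEST_URI is used because that is the variable the working rule in the post uses, and the helper names are my own. The simulation also covers the "plus ... plus ..." variant asked about above: each SecFilterSelective rule is evaluated on its own and a negated pattern triggers on everything except its one file, so once there are two such rules every request trips at least one of them, which is the same effect as the "first rule terminates everything" result reported earlier in the thread. Before trusting the `$` anchor on a real server, check in the level 9 debug log what the chosen variable actually contains for a typical request (a trailing query string, for example, would make an anchored pattern fail to match).

```python
import re

# Constructed stand-ins for the ~54 application files the post mentions.
ALLOWED_FILES = [
    "mls_fsbo_signup.php",
    "00.00-web_style_sheet.css",
    "button.php",
]

# Characters with special meaning in a PCRE pattern; '.' is the one that bit the post.
PCRE_META = re.compile(r"([.^$*+?()\[\]{}|\\])")


def escape_name(name):
    """Backslash-escape regex metacharacters so a file name matches literally."""
    return PCRE_META.sub(r"\\\1", name)


def allowlist_pattern(names):
    r"""Build the single negated, anchored alternation: !^/(a\.php|b\.css)$"""
    if not names:
        raise ValueError("an empty allowlist would deny every request")
    return "!^/(" + "|".join(escape_name(n) for n in names) + ")$"


def allowlist_directive(names, variable="REQUEST_URI"):
    """Render the rule with one alternative per line for readability.

    Apache joins a line that ends in a backslash with the next one, so the
    backslash must be the very last character on the line. The joined text
    keeps whatever precedes the backslash and whatever starts the next line,
    so continuation lines are written flush left with no space before the
    backslash: any whitespace there would end up inside the quoted pattern.
    """
    escaped = [escape_name(n) for n in names]
    if not escaped:
        raise ValueError("an empty allowlist would deny every request")
    lines = [f'SecFilterSelective {variable} "!^/({escaped[0]}']
    lines += ["|" + e for e in escaped[1:]]
    lines[-1] += ')$"'
    return "\\\n".join(lines)


def rule_triggers(pattern, value):
    """ModSecurity 1.x matching: a leading '!' inverts the regex result, and a
    rule that triggers fires the configured (default deny) action."""
    negated = pattern.startswith("!")
    regex = pattern[1:] if negated else pattern
    matched = re.search(regex, value) is not None
    return matched != negated


def allowed_by_single_rule(uri, names):
    """The working approach from the thread: one rule, one alternation."""
    return not rule_triggers(allowlist_pattern(names), uri)


def allowed_by_separate_rules(uri, names):
    """The 'plus ... plus ...' variant: one negated rule per file.
    Each rule is evaluated on its own, so a request survives only if it
    matches every file name, which no request can do once there are two."""
    return not any(rule_triggers("!^/" + escape_name(n) + "$", uri) for n in names)


if __name__ == "__main__":
    print(allowlist_directive(ALLOWED_FILES))
    for uri in ("/button.php", "/buttonXphp", "/button.php.bak", "/admin.php"):
        print(uri, "single rule:", allowed_by_single_rule(uri, ALLOWED_FILES),
              "separate rules:", allowed_by_separate_rules(uri, ALLOWED_FILES))
```

Running the script prints the multi-line directive ready to paste into the configuration, followed by a small table showing that the single alternation admits only the listed files (an unescaped dot would also have admitted `/buttonXphp`, and a missing `$` would have admitted `/button.php.bak`), while the separate-rules variant admits nothing at all.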