Hi,
I've just subscribed so I'm not sure if this has been previously
discussed.
I've created a set of rules to explicitly allow certain files, e.g.
SecFilter "\.jsp|\.html|\.css|\.js|\.gif|\.jpg" "allow"
SecFilter "^/$" "allow" # (Still working on this one)
And I want to drop everything else.
SecFilter ".+" "log,status:406"
But from looking at the debug, when a match is made against the "allow"
rules, mod_security doesn't stop processing and continues on until it
either gets to the end of the filter rules or hits a deny filter (e.g.
my deny everything else rule).
Debug from request http://192.168.0.50/apache_pb.gif
[06/Aug/2003:11:01:33 +1000] [192.168.0.50/sid#80ef438][rid#8185fd8][/apache_pb.gif] Checking signature "\.jsp|\.html|\.css|\.js|\.gif|\.jpg" at THE_REQUEST
[06/Aug/2003:11:01:33 +1000] [192.168.0.50/sid#80ef438][rid#8185fd8][/apache_pb.gif] check_sig_against_string: string: /apache_pb.gif regex_result: 0 is_allow: 0
I'm assuming (Assumptions being the mother of all #$%^ ups) that the
"regex_result: 0 is_allow: 0" in the second line means it matched OK.
But it continues matching the request against the rest of the rules.
My question is, is the 'allow' action the wrong action for the job and
I should be using a different action?
Or is my rule set just destined to not work?
Is there a different approach I should be using to achieve the same
results?
Thanks
Brett
MBL: 0414 680 664
Direct Office: (03)96824977
*************************************
b-sec http://www.b-sec.com.au
Melbourne: 03 9682 5700
Brisbane: 07 3374 3011
Sydney: 02 9908 5100
National Fax + 61 7 3374 3022
Email Disclaimer: www.b-sec.com.au/disclaimer.txt
*************************************
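
The following is an added example, not part of the original post: it checks what the unanchored pattern from the first "allow" rule admits, compared with an anchored form applied to the path only. Python's `re` stands in for the regex engine mod_security uses; the `ANCHORED` pattern, the function names and all sample URIs except `/apache_pb.gif` are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Pattern copied from the first "allow" rule in the post (unanchored).
POSTED = re.compile(r"\.jsp|\.html|\.css|\.js|\.gif|\.jpg")

# Hypothetical tightened form (not from the post): every path segment is a
# plain name and the last one ends in exactly one allowlisted extension.
ANCHORED = re.compile(
    r"^/(?:[A-Za-z0-9_-]+/)*[A-Za-z0-9_-]+\.(?:jsp|html|css|js|gif|jpg)$"
)

# Constructed sample request URIs; only the first appears in the post.
SAMPLES = [
    "/apache_pb.gif",
    "/app/login.jsp?next=home",
    "/cgi-bin/printenv?x=.gif",   # extension appears only in the query string
    "/backup/index.html.bak",     # allowlisted extension is not the last one
    "/notes.jspx",                # "\.jsp" matches as a prefix of ".jspx"
    "/server-status",
]


def posted_allows(uri):
    """Unanchored search over the whole URI, query string included."""
    return POSTED.search(uri) is not None


def anchored_allows(uri):
    """Anchored match against the path component only."""
    return ANCHORED.match(urlsplit(uri).path) is not None


def over_permitted(uris):
    """URIs the posted pattern allows but the anchored form rejects."""
    return [u for u in uris if posted_allows(u) and not anchored_allows(u)]


if __name__ == "__main__":
    for uri in SAMPLES:
        print(f"{uri:28} posted={posted_allows(uri)!s:5} "
              f"anchored={anchored_allows(uri)}")
    print("allowed only by the posted pattern:", over_permitted(SAMPLES))
```
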