Thread: [mod-security-users] libmodsecurity collection files location
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
mod-security-users
|
From: Ehsan M. <ehs...@gm...> - 2018-06-11 08:51:18
|
Hi all Modsecurity version 2 had some collection files like ip.pag, global.pag and etc stored in location specified by SecDataDir . Migrating to modsec V3.0 I can't find such files there. Where should I be looking at? Thank you all |
|
From: Ervin H. <ai...@gm...> - 2018-06-11 09:55:46
|
Hi Ehsan, On Mon, Jun 11, 2018 at 01:20:58PM +0430, Ehsan Mahdavi wrote: > Hi all > > Modsecurity version 2 had some collection files like ip.pag, global.pag and > etc stored in location specified by SecDataDir . > Migrating to modsec V3.0 I can't find such files there. > > Where should I be looking at? I've never used ModSecurity 2, but in V3, as I know (and if it's analog what you describe above) there are two kinds of type of collections: * in-memory * lmdb See the source: https://github.com/SpiderLabs/ModSecurity/blob/95048d5fcfe43147ab0269bff69e2353817cb7c7/src/modsecurity.cc#L65 https://github.com/SpiderLabs/ModSecurity/tree/v3/master/src/collection/backend So, the in-memory backend stores the variables in memory, LMDB stores in an LMDB database, therefore I'm afraid there aren't any other files, what you're looking for. Note, that the LMDB collection doesn't work in this state, the patch are waiting for the merge: https://github.com/SpiderLabs/ModSecurity/pull/1787 But may be I'm wrong and you're talking about totally another context of collections. :) a. |
|
From: Ehsan M. <ehs...@gm...> - 2018-06-12 05:48:53
|
Hello Ervin, Thanks for your response. I think you are talking about the correct options. But to be more specific I need to reset the statistics collected about different source IP addresses. These statistics are used to determine IP:DOS_BLOCK and I need to reset them sometimes. In Modsecurity V2.x it was enough to delete some of those files. How Do I do this in V3.0? regards On Mon, Jun 11, 2018 at 2:28 PM Ervin Hegedüs <ai...@gm...> wrote: > Hi Ehsan, > > On Mon, Jun 11, 2018 at 01:20:58PM +0430, Ehsan Mahdavi wrote: > > Hi all > > > > Modsecurity version 2 had some collection files like ip.pag, global.pag > and > > etc stored in location specified by SecDataDir . > > Migrating to modsec V3.0 I can't find such files there. > > > > Where should I be looking at? > > I've never used ModSecurity 2, but in V3, as I know (and if it's > analog what you describe above) there are two kinds of type of > collections: > > * in-memory > * lmdb > > See the source: > > > https://github.com/SpiderLabs/ModSecurity/blob/95048d5fcfe43147ab0269bff69e2353817cb7c7/src/modsecurity.cc#L65 > > https://github.com/SpiderLabs/ModSecurity/tree/v3/master/src/collection/backend > > So, the in-memory backend stores the variables in memory, LMDB > stores in an LMDB database, therefore I'm afraid there aren't any > other files, what you're looking for. > > > Note, that the LMDB collection doesn't work in this state, the > patch are waiting for the merge: > https://github.com/SpiderLabs/ModSecurity/pull/1787 > > But may be I'm wrong and you're talking about totally another > context of collections. :) > > > > a. > > > > ------------------------------------------------------------------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > http://www.modsecurity.org/projects/commercial/rules/ > http://www.modsecurity.org/projects/commercial/support/ > |
|
From: Ervin H. <ai...@gm...> - 2018-06-12 06:15:03
|
Hi Ehsan, I'm not sure, but the "expirevar" can helps you. You can find many examples (not just for this issue) here: https://github.com/SpiderLabs/ModSecurity/blob/v3/master/test/test-cases/regression/ especially: https://github.com/SpiderLabs/ModSecurity/blob/v3/master/test/test-cases/regression/collection-resource.json#L50 Note, that I'm also not sure, but afraid that this function ("expirevar") doesn't work if the collection backend is LMDB. HTH, a. On Tue, Jun 12, 2018 at 10:18:33AM +0430, Ehsan Mahdavi wrote: > Hello Ervin, > Thanks for your response. > I think you are talking about the correct options. But to be more specific > I need to reset the statistics collected about different source IP > addresses. These statistics are used to determine IP:DOS_BLOCK and I need > to reset them sometimes. > In Modsecurity V2.x it was enough to delete some of those files. > How Do I do this in V3.0? > > regards > > > > On Mon, Jun 11, 2018 at 2:28 PM Ervin Hegedüs <ai...@gm...> wrote: > > > Hi Ehsan, > > > > On Mon, Jun 11, 2018 at 01:20:58PM +0430, Ehsan Mahdavi wrote: > > > Hi all > > > > > > Modsecurity version 2 had some collection files like ip.pag, global.pag > > and > > > etc stored in location specified by SecDataDir . > > > Migrating to modsec V3.0 I can't find such files there. > > > > > > Where should I be looking at? > > > > I've never used ModSecurity 2, but in V3, as I know (and if it's > > analog what you describe above) there are two kinds of type of > > collections: > > > > * in-memory > > * lmdb > > > > See the source: > > > > > > https://github.com/SpiderLabs/ModSecurity/blob/95048d5fcfe43147ab0269bff69e2353817cb7c7/src/modsecurity.cc#L65 > > > > https://github.com/SpiderLabs/ModSecurity/tree/v3/master/src/collection/backend > > > > So, the in-memory backend stores the variables in memory, LMDB > > stores in an LMDB database, therefore I'm afraid there aren't any > > other files, what you're looking for. > > > > > > Note, that the LMDB collection doesn't work in this state, the > > patch are waiting for the merge: > > https://github.com/SpiderLabs/ModSecurity/pull/1787 > > > > But may be I'm wrong and you're talking about totally another > > context of collections. :) > > > > > > > > a. > > > > > > > > ------------------------------------------------------------------------------ > > Check out the vibrant tech community on one of the world's most > > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > > _______________________________________________ > > mod-security-users mailing list > > mod...@li... > > https://lists.sourceforge.net/lists/listinfo/mod-security-users > > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > > http://www.modsecurity.org/projects/commercial/rules/ > > http://www.modsecurity.org/projects/commercial/support/ > > > ------------------------------------------------------------------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > http://www.modsecurity.org/projects/commercial/rules/ > http://www.modsecurity.org/projects/commercial/support/ |
Thanks for helping keep SourceForge clean.
X