mod-security-users

[mod-security-users] A few requests :)

[root <ro...@da...>]

Situation:
I got a few friends that like to test out my filter and stuff with the =
newest gadgets (retina for one) on my webserver.
Can you make a keyword in mod_security that lets me take away the =
protection/logging for certain ip's or ip ranges?

And while you are at it, can you make a black list as well? meaning that =
i want to log everything from a certain ip.

Also, a keyword in mod_security that makes the logs more readable to =
*programs* wouldn't hurt.=20

maybe something like:

[warning 31]
IP: 123.123.123.123
Browser: Internet Explorer 15.0 (15.0 would at least fix the security =
bugs in it....we hope!)
Request: GET /that_pron_picture.jpg
Referer: www.christianchurch.org
[/warning 31]


I realize that im asking for 3 changes at once but you can maybe can =
take a look at these requests?

thnx ivan. and great job! :D

Re: [mod-security-users] A few requests :)

[Ivan R. <iv...@we...>]

> I got a few friends that like to test out my filter and stuff with the 
> newest gadgets (retina for one) on my webserver.
> Can you make a keyword in mod_security that lets me take away the 
> protection/logging for certain ip's or ip ranges?

   That's easy, put this on top of your riles:

   SecFilterSelective REMOTE_ADDR "IP_ADDRESS" allow


> And while you are at it, can you make a black list as well? meaning that 
> i want to log everything from a certain ip.

   Can you be more specific? What does "everything" mean? Do you
   want to trigger the audit log only for a specific IP address?


> Also, a keyword in mod_security that makes the logs more readable to 
> *programs* wouldn't hurt.

   What stopping programs from reading the current format?

-- 
ModSecurity (http://www.modsecurity.org)
[ Open source IDS for Web applications ]