Thread: [mod-security-users] disable mod_security per REMOTE_ADDR
From: Achim H. <ki...@se...> - 2005-08-30 14:03:03
|
for testing a live platform I need to disable mod_security.
I know that SecFilterSelective can be triggered on REMOTE_ADDR, but I'm unsure if it can
be used to disable *all* tests for a specific IP without changing all rules from
SecFilter to SecFilterSelective.

Does someone have an example to achieve this?

Thanks
Achim
|
From: Achim H. <ki...@se...> - 2005-08-30 15:01:37
|
my goal is to have mod_security active all the time (SecFilterEngine On), but
not active for a specific IP.
I'm asking for a simple general switch like "SecFilterEngine Off" but just for
an IP. I want to have all rules disabled for that IP while still active for all
others ('cause it is a live server).
Does this better describe what I need?
Ryan Barnett wrote on 30.08.2005 16:30:
> Not sure if I am missing what you are trying to test, however based on
> your first sentence, you should just be able to set SecFilterEngine
> Off. If you only want to disable the tests for specific
> SecFilterSelective REMOTE_ADDR XXX.XXX.XXX.XXX rules, you may be out of
> luck.
> The SecFilterEngine directive is an all or nothing setting.
That's how I understand it and why I'm asking here ;-)
>
> --
> Ryan C. Barnett
> Web Application Security Consortium (WASC) Member
> CIS Apache Benchmark Project Lead
> SANS Instructor: Securing Apache
> GCIA, GCFA, GCIH, GSNA, GCUX, GSEC
|
|
From: Ryan B. <rcb...@gm...> - 2005-08-30 15:13:09
|
OK, well then you should be able to place a new filter at the top of your
rules file to tell mod_security to allow all requests from that specific IP
by changing the default action to "allow" -

    SecFilterSelective REMOTE_ADDR 192.168.1.100 allow

See the user manual (pg. 21) -
http://www.modsecurity.org/documentation/modsecurity-manual.pdf

-Ryan

--
Ryan C. Barnett
Web Application Security Consortium (WASC) Member
CIS Apache Benchmark Project Lead
SANS Instructor: Securing Apache
GCIA, GCFA, GCIH, GSNA, GCUX, GSEC
|
From: Ivan R. <iv...@we...> - 2005-08-30 15:25:44
|
Ryan Barnett wrote:
> OK, well then you should be able to place a new filter at the top of
> your rules file to tell mod_security to allow all requests from that
> specific IP by changing the default action to "allow" -
>
> SecFilterSelective REMOTE_ADDR 192.168.1.100 allow

That's better written as ^192\.168\.1\.100$

> See the user manual (pg. 21) -
> http://www.modsecurity.org/documentation/modsecurity-manual.pdf

But that's not the same as SecFilterEngine Off. The default
processing would still go on, as would POST buffering.

Perhaps another variable, to conditionally stop mod_security
execution (to be used together with SetEnvIf) is in order? I'll
give it a try tomorrow.

--
Ivan Ristic
Apache Security (O'Reilly) - http://www.apachesecurity.net
Open source web application firewall - http://www.modsecurity.org
|
From: Achim H. <ah...@se...> - 2005-08-30 15:32:50
|
>> .. new filter at the top of your rules file ..

that's exactly what I was looking for!
Think I should learn to read ;-)

Thanks very much
Achim
|
From: Ivan R. <iv...@we...> - 2005-09-08 08:30:04
|
Achim Hoffmann wrote:
> for testing a live platform I need to disable mod_security.
> I know that SecFilterSelective can be triggered on REMOTE_ADDR, but I'm
> unsure if it can
> be used to disable *all* tests for a specific IP without changing all
> rules from
> SecFilter to SecFilterSelective.

The code in the CVS is now capable of dynamically enabling or
disabling mod_security per request. It uses the MODSEC_ENABLE
environment variable. If the variable exists it will override
the SecFilterEngine directive. The parameters are the same
(ie On, Off, DynamicOnly). Example:

    SetEnvIfNoCase Remote_Addr ^192\.168\.2\.12$ \
        "MODSEC_ENABLE=Off"

--
Ivan Ristic
Apache Security (O'Reilly) - http://www.apachesecurity.net
Open source web application firewall - http://www.modsecurity.org
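An added example, not part of the original thread and not mod_security project code: a small Python audit that finds the two kinds of per-address bypass rule discussed in this thread and flags patterns lacking the anchoring and escaping Ivan recommends. The sample config, the loose third rule and all function names are constructed here, and Python's re.search is assumed to stand in for the server's unanchored regex match.

```python
import re

# Constructed sample: the two rules quoted in the thread, plus a loosely
# written variant of the second one (constructed for illustration).
SAMPLE_CONF = r'''
SecFilterEngine On
SecFilterSelective REMOTE_ADDR 192.168.1.100 allow
SetEnvIfNoCase Remote_Addr ^192\.168\.2\.12$ \
    "MODSEC_ENABLE=Off"
SetEnvIf Remote_Addr 192.168.2.12 MODSEC_ENABLE=Off
'''

def logical_lines(text):
    """Join backslash-continued lines, drop blank ones, split into tokens."""
    joined = re.sub(r'\\\r?\n', ' ', text)
    return [ln.split() for ln in joined.splitlines() if ln.strip()]

def bypass_patterns(text):
    """Yield (directive, pattern) for rules that exempt a client address."""
    for tok in logical_lines(text):
        name, args = tok[0].lower(), [t.strip('"') for t in tok[1:]]
        if len(args) < 3 or args[0].lower() != 'remote_addr':
            continue
        if name == 'secfilterselective':
            hit = 'allow' in args[2].lower().split(',')
        elif name in ('setenvif', 'setenvifnocase'):
            hit = any(a.lower() == 'modsec_enable=off' for a in args[2:])
        else:
            hit = False
        if hit:
            yield tok[0], args[1]

def problems(pattern):
    """Reasons a pattern may match more than the one intended address."""
    checks = [('no ^ anchor', not pattern.startswith('^')),
              ('no $ anchor', not pattern.endswith('$')),
              ('unescaped dot', re.search(r'(?<!\\)\.', pattern) is not None)]
    return [label for label, bad in checks if bad]

def audit(text):
    """Return (directive, pattern, problems) for every loose bypass rule."""
    rows = [(d, p, problems(p)) for d, p in bypass_patterns(text)]
    return [row for row in rows if row[2]]

def matches(pattern, addr):
    """Unanchored regex search, which is why the anchors matter."""
    return re.search(pattern, addr) is not None
```

On the constructed sample, audit() reports the SecFilterSelective rule and the loose SetEnvIf rule, and matches() shows the loose 192.168.2.12 pattern also exempting 192.168.2.120 while the anchored form does not.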