Hello list.
I use mod security quite a lot, it's a very good product for application filtering.
But I came to a problem.
I also use the gotroot rules, and the script which update the rules.
So I implement rules globally.
I wonder if there is a possibility for a location/vhost/directory
to make an exception for a particular rule. Removing all rules
with SecFilterInheritance is not a good choice as I need to re-include
all rules for the specific location. I don't want to modify the rules
as they will be broken by the next update process.
So I wonder if you can redefine a rule, or even whitelist a specific
request?
Thanks.
Sioban
sioban wrote:
> Hello list.
>
> I use mod security quite a lot, it's a very good product for application filtering.
>
> But I came to a problem.
>
> I also use the gotroot rules, and the script which update the rules.
>
> So I implement rules globally.
>
> I wonder if there is a possibility for a location/vhost/directory
> to make an exception for a particular rule. Removing all rules
> with SecFilterInheritance is not a good choice as I need to re-include
> all rules for the specific location. I don't want to modify the rules
> as they will be broken by the next update process.
Sure there is (in 1.9), look for SecFilterRemoveRule in the
manual.
> So I wonder if you can redefine a rule, or even whitelist a specific
> request?
You can whitelist any request using the "allow" action.
--
Ivan Ristic
Apache Security (O'Reilly) - http://www.apachesecurity.net
Open source web application firewall - http://www.modsecurity.org
>
> Sure there is (in 1.9), look for SecFilterRemoveRule in the
> manual.
Missed that one, thanks!
Of course a Google search on it only points me to the CVS changelog :(
Surely because you mean SecFilterRemove.
I see it works with id definitions, quite interesting.
I need to ask the gotroot maintainer if he plans to add these ids.
>
> You can whitelist any request using the "allow" action.
>
Even if another rule already blacklists that one?
sioban wrote:
>> Sure there is (in 1.9), look for SecFilterRemoveRule in the
>> manual.
>
> Missed that one, thanks!
>
> Of course a Google search on it only points me to the CVS changelog :(
>
> Surely because you mean SecFilterRemove.
Yes, sorry.
> I see it works with id definitions, quite interesting.
>
> I need to ask the gotroot maintainer if he plans to add these ids.
>
>
>> You can whitelist any request using the "allow" action.
>>
>
> Even if another rule already blacklists that one?
No. You have to "allow" it before that.
--
Ivan Ristic
Apache Security (O'Reilly) - http://www.apachesecurity.net
Open source web application firewall - http://www.modsecurity.org
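The two points from the thread (per-location rule removal by id with SecFilterRemove, and "allow" having to come before the rule that would block) in one ModSecurity 1.9 configuration fragment. This is an added example, not configuration from the thread, from Ivan Ristic or from the gotroot rule set; the rule ids, patterns, the /admin and /status paths and the 192.0.2.10 monitoring address are all hypothetical, and the fragment assumes the 1.9 directive syntax (SecFilterSelective, SecFilterRemove, the id/allow/chain actions) described in the manual the reply refers to.

```apache
# Added example (not part of the original thread): ModSecurity 1.9 fragment showing
#   (a) globally defined rules that carry an id,
#   (b) disabling one of them for a single <Location> with SecFilterRemove, and
#   (c) whitelisting a request with "allow", placed before the blocking rules.
# All ids, paths, patterns and addresses below are hypothetical.

<IfModule mod_security.c>
    SecFilterEngine On
    SecFilterScanPOST On

    # Action taken by rules that do not name their own action.
    SecFilterDefaultAction "deny,log,status:403"

    # Whitelist: the monitoring host may fetch /status unconditionally.
    # "allow" stops rule processing for the request, so this rule only has an
    # effect if it is evaluated BEFORE the blocking rules; placed after them it
    # would never be reached for a request those rules had already denied.
    SecFilterSelective REMOTE_ADDR "^192\.0\.2\.10$" chain
    SecFilterSelective REQUEST_URI "^/status$" allow

    # Global blocking rules. In a real deployment the downloaded gotroot rules
    # would be Included here; the "id:" action is what SecFilterRemove keys on,
    # which is why rules without ids cannot be selectively removed.
    SecFilterSelective ARGS "\.\./" "id:100001,deny,log,status:403,msg:'path traversal attempt'"
    SecFilterSelective ARGS "<script" "id:100002,deny,log,status:403,msg:'xss attempt'"
</IfModule>

# The editor under /admin legitimately submits HTML, so rule 100002 is switched
# off for that location only. Rule 100001 and every other inherited rule stay in
# force there, and the rule file itself is left untouched, so the next rule
# update does not overwrite the exception.
<Location /admin>
    SecFilterRemove 100002
</Location>
```

The exception lives in the vhost or location configuration rather than in the rule file, which is the property the original poster was after: updates replace the rule file, the SecFilterRemove lines survive. The whitelist rule is deliberately narrow (one source address, one URI) because "allow" bypasses every rule after it for the matching request, so a broad allow pattern silently removes the filter for that traffic.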