Re: Filter Rules by IP Address

Forgot to attach file in the previous reply.

 

Thanks,

naveen

 

On 10/25/05, Naveen Amradi <namradi@xxxxxxxxx> wrote:

Chris,

 

I have attached my conf file. WOuld you please look at it. I have placed the rule right below the SecFilterEngine. In that case wont that rule be higher than other ones. Maybe i am sounding dumb. I am trying to read the book and understand slowly.

 

I would appreciate if you can look at the conf file.

 

Everyone on this list is so active helpful.

 

Thanks a lot,

naveen

 

On 10/25/05, Christopher Murley <murley@xxxxxxxxxxxx > wrote:

HI Naveen, your problem isn't with the IP rule you created.  You error was:

mod_security-message: Access denied with code 403. Pattern match "/tmp" at
THE_REQUEST


The request you sent:

GET /study_abroad/TMPzad38oxcyx.htm HTTP/1.1" 403 232

has /TMP (lowercased) /tmp in it. You must have another rule higher in
your chain thats disallowing URLS referencing /tmp.

--
Regards,

-Chris

_______________________________________________
Christopher Murley
Network Administrator
TownNews.Com
800.293.9576

Naveen Amradi said:
> HI Ryan,
>   I appreciate your quick response and help.
>  I am still not able to configure it properly.
> Just like u said i added
>
> SecFilterSelective REMOTE_HOST "^192\.168\.0\.94$" allow,pass
>  I tried putting it right below the SecFilterEnging and other places too.
> And i am getting this error in the log file. Maybe i am missing something.
>
> UNIQUE_ID: xv7hbIJKVE8AAFQjVXYAAAAE
> Request: 196.168.0.94 < http://196.168.0.94> - - [25/Oct/2005:11:39:02
> --0500] "GET /study_abroad/TMPzad38oxcyx.htm HTTP/1.1" 403 232
> Handler: server-parsed
> ----------------------------------------
> GET /study_abroad/TMPzad38oxcyx.htm HTTP/1.1
> User-Agent: Contribute
> Host: www.outreach.olemiss.edu <http://www.outreach.olemiss.edu/>
> Cookie:
> phpbb2mysql_data=a%3A2%3A%7Bs%3A11%3A%22autologinid%22%3Bs%3A0%3A%22%22%3Bs%3A6%3A%22userid%22%3Bs%3A1%3A%223%22%3B%7D;
> PHPSESSID=59ded4be35990378545d942f2a11c0f9
> mod_security-message: Access denied with code 403. Pattern match "/tmp" at
> THE_REQUEST
> mod_security-action: 403
>
> HTTP/1.1 403 Forbidden
> Content-Length: 232
>
> Could you help me?And Just for info i am trying to configure Macromedia
> Contribute.
>
> Thanks a lot,
>
> naveen
>
>  On 10/25/05, Ryan Barnett < rcbarnett@xxxxxxxxx> wrote:
>>
>> Naveen,
>> Think of the mod_security directives (SecFilter|SecFilterSelective) as
>> you
>> would firewall rules in that the order in which they are specified in
>> the
>> httpd.conf file does matter. Again, like firewall rules, once a filter
>> matches the incoming HTTP request it will trigger the actions specified.
>> With this being said, if you want to "whitelist" an IP address to allow
>> this
>> client access, then add in a rule like this near the top of your
>> Mod_Security directives -
>>  SecFilterSelective REMOTE_HOST "^192\.168\.1\.100$" allow,pass
>>  Add this just below the mod_security general directives (such as
>> SecFilterEngine, etc....).
>>  That should do it.
>>
>> --
>> Ryan C. Barnett
>> Web Application Security Consortium (WASC) Member
>> CIS Apache Benchmark Project Lead
>> SANS Instructor: Securing Apache
>> GCIA, GCFA, GCIH, GSNA, GCUX, GSEC
>> Author: Preventing Web Attacks with Apache
>>   On 10/25/05, Naveen Amradi <namradi@xxxxxxxxx > wrote:
>> >
>> > HI All,
>> >
>> > Newbie of ModSecurity. I was wondering is there a way to
>> > open up rules for certain ip addresses.
>> >
>> > Thanks a gazillion!
>> > Naveen
>>
>>
>>
>>
>>
>

modsecurity.txt
Description: Text document