Hi Jason!
On 31.10.2010 at 00:41, Jason Brooks wrote:
>> SecRule REMOTE_ADDR "@streq xxx.xxx.xxx.xxx" "phase:1,nolog,allow, \
>> ctl:ruleEngine=Off,ctl:auditEngine=Off"
>>
>
> Does the equivalent string "LOCAL_ADDR" exist? It's the listening
> address of localhost I want to unblock...
Yes, there exists an equivalent, which is SERVER_ADDR
>> To disable some of the rules based on URI you can use something like:
>>
>> <LocationMatch /phpmyadmin/>
>> SecRuleRemoveById 900000-900010
>> SecRuleRemoveById 999999
>> </LocationMatch>
>
> Silly question: how do I determine what the various ruleids will be?
In no way a silly question.
Currently, you'll have to manually walk through the core-rules to figure out
which rules are hit by a range of (900000-900010).
Another way to address this is the following:
The rule-IDs will be logged. If you don't have a log-management tool, yet,
then I'd recommend for you to have a look at the audit-console at
http://www.jwall.org/AuditConsole
which provides a web-interface for that.
(There will be an easy "apt-get install auditconsole" way coming soon to
make installing easier).
With the AuditConsole you will be able to filter all requests/alerts by
RULE_ID and check which URLs have triggered a specific rule id.
Another way would be to filter by "REQUEST_URI @sx /phpmyadmin/*" which
will give you all alerts for requests to phpadmin-URLs and allows you to
skip through these to check which rules you need to exclude.
>
> I think I need to buy the book. :)
>
You won't regret it!
It's really well written and has a very nice concept of "up-to-date"-ness :-)
I'd recommend to obtain the bundle (including paper-back).
Regards,
Chris
_______________________________________________
Owasp-modsecurity-core-rule-set mailing list
https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
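
Added example, not part of the message above and not code from ModSecurity or the AuditConsole: for anyone without a log-management tool, one way to pull the logged rule IDs for a URI prefix out of the Apache error log and turn them into a LocationMatch exclusion block like the one quoted in the thread. The log lines are constructed samples in the ModSecurity 2.x error-log layout; the function names, rule IDs, addresses and URIs are assumptions for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines (ModSecurity 2.x Apache error-log layout).
# Client addresses, rule ids, messages and URIs are made up for illustration.
SAMPLE_LOG = """\
[Sun Oct 31 00:41:02 2010] [error] [client 192.0.2.10] ModSecurity: Warning. Pattern match "select" at ARGS:sql_query. [file "/etc/modsecurity/rules.conf"] [line "77"] [id "900003"] [msg "Constructed SQL rule"] [hostname "example.test"] [uri "/phpmyadmin/import.php"] [unique_id "a1"]
[Sun Oct 31 00:41:09 2010] [error] [client 192.0.2.10] ModSecurity: Warning. Pattern match "union" at ARGS:sql_query. [file "/etc/modsecurity/rules.conf"] [line "77"] [id "900003"] [msg "Constructed SQL rule"] [hostname "example.test"] [uri "/phpmyadmin/sql.php"] [unique_id "a2"]
[Sun Oct 31 00:42:15 2010] [error] [client 192.0.2.10] ModSecurity: Access denied with code 403 (phase 2). Operator GT matched 5 at TX:score. [file "/etc/modsecurity/rules.conf"] [line "120"] [id "900007"] [msg "Constructed score rule"] [hostname "example.test"] [uri "/phpmyadmin/sql.php"] [unique_id "a3"]
[Sun Oct 31 00:43:30 2010] [error] [client 198.51.100.7] ModSecurity: Warning. Pattern match "script" at ARGS:q. [file "/etc/modsecurity/rules.conf"] [line "140"] [id "900020"] [msg "Constructed XSS rule"] [hostname "example.test"] [uri "/index.php"] [unique_id "a4"]
[Sun Oct 31 00:44:00 2010] [error] [client 198.51.100.7] File does not exist: /var/www/favicon.ico
"""

ID_RE = re.compile(r'\[id "(\d+)"\]')
URI_RE = re.compile(r'\[uri "([^"]*)"\]')

def rule_hits(log_text, uri_prefix):
    """Map rule id -> set of URIs below uri_prefix that triggered it."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        if "ModSecurity:" not in line:
            continue  # ordinary Apache error, not a ModSecurity alert
        uri = URI_RE.search(line)
        rule = ID_RE.search(line)
        if not uri or not rule or not uri.group(1).startswith(uri_prefix):
            continue
        hits[int(rule.group(1))].add(uri.group(1))
    return dict(hits)

def exclusion_block(hits, location):
    """Render a LocationMatch block with one SecRuleRemoveById per rule id."""
    lines = [f"<LocationMatch {location}>"]
    lines += [f"    SecRuleRemoveById {rule_id}" for rule_id in sorted(hits)]
    lines.append("</LocationMatch>")
    return "\n".join(lines)

if __name__ == "__main__":
    found = rule_hits(SAMPLE_LOG, "/phpmyadmin/")
    for rule_id, uris in sorted(found.items()):
        print(rule_id, sorted(uris))
    print(exclusion_block(found, "/phpmyadmin/"))
```

The output lists which rules fired for the prefix, not which of them are false positives, so each ID should be checked against the rule file before it goes into the exclusion block.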