Hello,
I have ModSecurity running as a reverse proxy behind an HAProxy LB. Because
we're behind HAProxy, we're getting LB IP addresses for REMOTE_ADDR.
I have a large number of IPs that I have to whitelist, and would therefore
really like to take advantage of the ipMatch and ipMatchFromFile functions.
Can I use "@ipMatchFromFile" against REQUEST_HEADERS:X-Forwarded-For? I
didn't think this was possible.
From: Leos Rivas Manuel <manuel.leosri...@gemalto.com>
Date: Friday, March 4, 2016 at 12:33 AM
To: "Brian A. Davis" <brida...@cisco.com>,
"owasp-modsecurity-core-rule-set@lists.
You don't need to modify the remote_address, simply use header:x-forwarded-for
instead and deny if it matches.
From: owasp-modsecurity-core-rule-set-boun...@lists.owasp.org
[mailto:owasp-modsecurity-core-rule-set-boun...@lists.owasp.org] On Behalf Of
Brian Davis (bridavis)
Sent: Friday 4 March
Hi David,
Yes you can. You used the modsec documentation example, I suppose; as it is, it
explains the rule, not the directive itself:
SecRule REMOTE_ADDR "@ipMatchFromFile ips.txt" "id:163"
This is the modified rule that will match the X-Forwarded-for header
SecRule REQUEST_HEADERS:X-Forwarded-for "@ip
Keep in mind you can also use the TX:REAL_IP collection. This will either
contain the direct IP of the node connecting to your server, or the value
of x-forwarded-for if that header is present and contains an IP address:
https://github.com/SpiderLabs/owasp-modsecurity-crs/blob/master/modsecurity_c
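Putting the advice in this thread together, here is an added configuration example (written for this reply, not code from any of the posters or from the CRS): X-Forwarded-For is only trusted when the TCP peer is the load balancer, the client address is extracted from it, and the whitelist file is applied to that address. The LB addresses, the whitelist path and the tx.client_ip variable name are placeholders chosen for the example.

```apache
# Added example, not part of the original thread or of the CRS.
# Assumptions (placeholders): the HAProxy nodes are 10.0.0.5 and 10.0.0.6,
# the whitelist is /etc/modsecurity/whitelist-ips.txt (one IP or CIDR per
# line), and tx.client_ip is a variable name chosen here to avoid clashing
# with the CRS's own tx.real_ip.

# Step 1: only derive the client address from X-Forwarded-For when the
# connection really comes from the load balancer. Any other peer could
# send a forged header, so for them tx.client_ip stays unset.
# HAProxy appends the connecting address as the LAST element of the
# header, so the right-most entry is the one the LB added; earlier
# entries may have been supplied by the client and are not trusted.
SecRule REMOTE_ADDR "@ipMatch 10.0.0.5,10.0.0.6" \
    "id:1000100,phase:1,pass,nolog,t:none,chain"
    SecRule REQUEST_HEADERS:X-Forwarded-For "([0-9a-fA-F.:]+)\s*$" \
        "capture,setvar:tx.client_ip=%{tx.1}"

# Step 2: apply the whitelist file to the extracted client address and let
# matching clients through without evaluating the remaining rules.
# If tx.client_ip is empty (peer was not the LB), this rule cannot match.
SecRule TX:CLIENT_IP "@ipMatchFromFile /etc/modsecurity/whitelist-ips.txt" \
    "id:1000101,phase:1,allow,nolog,t:none"
```

Whitelisting on REQUEST_HEADERS:X-Forwarded-For directly, as in the modified rule above, works only if nothing but the load balancer can reach ModSecurity; the REMOTE_ADDR check in the chain is what keeps a client-supplied header from being used to bypass the list.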
Hello,
I'm specifically interested in enabling just the XSS CRS rules from
ModSecurity. However, I have ESAPI HTTP whitelist validation rules already
running. I have the following questions:
1. Can ModSecurity XSS CRS rules operate in parallel with ESAPI HTTP
whitelist validation?
2.
Dear Hiranmayi Palanki,
I am not familiar with the ESAPI HTTP whitelisting, but I do know it's a
helpful security layer. Combining ModSec with other defense methods
makes a lot of sense with regards to security in depth etc.
The price is certainly the complexity and the additional source for
fals
Hello Christian,
Thank you for your response. I will indeed share the recipe, if at all this
route is pursued.
The ESAPI HTTP white list validation is an open source library from OWASP. It
provides white list input validation and output encoding amongst many of its
features.
The challenge is
Hello,
On Fri, Mar 04, 2016 at 10:33:05PM +, Hiranmayi Palanki wrote:
> Thank you for your response. I will indeed share the recipe, if at all this
> route is pursued.
Great. We could put it into the OWASP wiki.
> Based on your response, I'm deriving that sending all parts of the
> HTTP req