[Owasp-modsecurity-core-rule-set] Remove some rules for sub domain

Ilyass Kaouam ilyassikai at gmail.com
Wed Jul 9 14:17:56 UTC 2014


hi :)
it's very clair thank you
Last thing,

from what I understand I have to insert


*<LocationMatch /Bilbo>*

*SecRuleRemoveByID 123456*

*</LocationMatch>*


after the virtual host ?

Thank you


2014-07-09 14:07 GMT+00:00 Craig Lawson <craig.lawson at secarma.co.uk>:

>  An example of one of my anonymized configs which has a number of rules
> turned off for the whole site hence <LocationMatch .*> instead of the
> earlier example of <LocationMatch /Bilbo>, we separate virtual hosts into
> individual domain.com.conf files, we also use mod_security as a reverse
> proxy not on the actual webservers:
>
>
>
> <VirtualHost 111.222.333.444:443>
>
>         ServerName blah.com
>
>         ServerAlias blah.com
>
>         ErrorLog "/var/log/httpd/blah.com-ssl_error_log"
>
>         CustomLog "/var/log/httpd/blah.com-ssl_access_log" \
>
>                   "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %s %b"
>
>
>
>         SSLEngine On
>
>         SSLProxyEngine on
>
>         SSLCertificateFile /etc/httpd/conf/ssl/blah.com.crt
>
>         SSLCertificateKeyFile /etc/httpd/conf/ssl/blah.com.key
>
>         SSLCACertificateFile /etc/httpd/conf/ssl/blah.com.ca.crt
>
>
>
>         SSLProtocol -ALL +SSLv3 +TLSv1
>
>         SSLHonorCipherOrder on
>
>         SSLCipherSuite
> ALL:!MD5:!ADH:!NULL:!EXP:!SSLv2:!LOW:!MEDIUM:RC4+RSA:+HIGH
>
>
>
>         ProxyRequests Off
>
>         ProxyPass / http://internalip/
>
>         ProxyPassReverse / http://internalip/
>
>         ProxyPreserveHost On
>
>
>
>         RequestHeader set X-Forwarded-Proto "https"
>
>
>
>         SetEnv force-proxy-request-1.0 1
>
>         SetEnv proxy-nokeepalive 1
>
> </VirtualHost>
>
>
>
> <LocationMatch .*>
>
> SecRuleRemoveById 111111 222222 333333
>
> </LocationMatch>
>
>
>
> *From:* Ilyass Kaouam [mailto:ilyassikai at gmail.com]
> *Sent:* 09 July 2014 12:42
> *To:* Craig Lawson
> *Subject:* Re: [Owasp-modsecurity-core-rule-set] Remove some rules for
> sub domain
>
>
>
> Hi lawson,
>
>
>
> Thank you for your replay :)
>
>
>
> I use Virtual host and mod_proxy
>
>
>
> who i can add this LocationMatch  ?
>
>
>
> thank you
>
> conf file :
>
>
>
>
>
> *<VirtualHost *:80>*
>
> *    ServerAdmin admin at abcdef.com <admin at abcdef.com>*
>
> *    ServerName abcdef.com <http://abcdef.com>*
>
> *    ServerAlias abcdef.com <http://abcdef.com> *. abcdef.com
> <http://abcdef.com>*
>
> *    ProxyRequests Off*
>
> *    ProxyPreserveHost On*
>
> *    <Proxy *>*
>
> *       Order allow,deny*
>
> *       Allow from all*
>
> *    </Proxy>*
>
> *    ProxyPass / http://172.27.248.4:8080/ <http://172.27.248.4:8080/>
> retry=60  keepalive=on*
>
> *    ProxyPassReverse / http://172.27.248.4:8080/
> <http://172.27.248.4:8080/> retry=60*
>
> *    ErrorLog logs/abcdef.com <http://abcdef.com>-error_log*
>
> *    CustomLog logs/i abcdef.com <http://abcdef.com>-access_log common*
>
> *</VirtualHost>*
>
>
>
> 2014-07-09 11:16 GMT+00:00 Craig Lawson <craig.lawson at secarma.co.uk>:
>
> Insert the following into your virtual host file
>
>
>
> e.g. to remove specific rules:
>
>
>
> <LocationMatch /Bilbo>
>
> SecRuleRemoveByID 123456
>
> </LocationMatch>
>
>
>
> Does this cover what you are requesting?
>
>
>
> C
>
>
>
>
>
> *From:* owasp-modsecurity-core-rule-set-bounces at lists.owasp.org [mailto:
> owasp-modsecurity-core-rule-set-bounces at lists.owasp.org] *On Behalf Of *Ilyass
> Kaouam
> *Sent:* 09 July 2014 11:52
> *To:* owasp-modsecurity-core-rule-set at lists.owasp.org
> *Subject:* [Owasp-modsecurity-core-rule-set] Remove some rules for sub
> domain
>
>
>
> Hi
>
>
>
> We have a sub-site www.abcdef.com / Bilbo
>
>
>
> We want to remove some roles for this subdomain only
>
> / Bilbo
>
>
>
> (this website is made by java)
>
>
>
> How I can do that, thank you
>
>
>
> --
>
> *Ilyass kaouam*
>
>
> *Systems administrator at Inforisk Group Finaccess  European Masters in
> Information Technology*
>
> *Portable : (212) 6 34 57 14 36*
>
>
>  ------------------------------
>
>
> NOTICE AND DISCLAIMER
> This e-mail (including any attachments) is intended for the above-named
> person(s). If you are not the intended recipient, notify the sender
> immediately, delete this email from your system and do not disclose or use
> for any purpose. We may monitor all incoming and outgoing emails in line
> with current legislation. We have taken steps to ensure that this email and
> attachments are free from any virus, but it remains your responsibility to
> ensure that viruses do not adversely affect you
>
>
>
>
>
> --
>
> *Ilyass kaouam*
>
>
> *Systems administrator at Inforisk Group Finaccess  European Masters in
> Information Technology*
>
> *Portable : (212) 6 34 57 14 36*
>
> ------------------------------
>
> NOTICE AND DISCLAIMER
> This e-mail (including any attachments) is intended for the above-named
> person(s). If you are not the intended recipient, notify the sender
> immediately, delete this email from your system and do not disclose or use
> for any purpose. We may monitor all incoming and outgoing emails in line
> with current legislation. We have taken steps to ensure that this email and
> attachments are free from any virus, but it remains your responsibility to
> ensure that viruses do not adversely affect you
>



-- 
*Ilyass kaouam*
*Systems administrator*
* at Inforisk Group Finaccess  *
*European Masters in Information Technology*
*Portable : (212) *
*6 34 57 14 36**http://www.inforisk.ma <http://www.inforisk.ma>*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-modsecurity-core-rule-set/attachments/20140709/cf4ed79c/attachment-0001.html>


More information about the Owasp-modsecurity-core-rule-set mailing list