[Owasp-modsecurity-core-rule-set] Regarding core rule set of Mod Security
ryan.barnett at breach.com
Tue Jan 12 11:43:59 EST 2010
Couldn't you use @pmFromFile for a list of IPs, as it will keep whitespace? So, the user
would need to make sure that they have leading/trailing spaces around each IP on each line
in the file though.
Would that not work?
Director of Application Security Research
Phone: (703) 794-2248
Cell: (703) 269-8998
Breach Security, Inc.
2141 Palomar Airport Road, Suite 200
Carlsbad, CA 92011
On Tuesday 12 January 2010 11:34:26 am Brian Rectanus wrote:
> SAJAL BHATIA wrote:
> > Hi,
> > I have a few questions related to core rule set of Mod Security
> > 1. How does it perform the searching of IPs which it is required to
> > allow or block?
> Not sure what you mean here. You want to pass it a list of IPs to
> block? If so probably regex is the only way:
> SecRule REMOTE_ADDR "^(?:1\.2\.3\.4|5\.6\.7\.8)$" \
> But you could be smarter about the regex for IPs in the same subnet:
> SecRule REMOTE_ADDR "^(?:1\.2\.3\.(?:4|5|6)|5\.6\.7\.(?:8|9|10))$" \
> @pm and @pmFromFile will not work as the match is not bounded, so
> "18.104.22.168" will match for "22.214.171.124", etc.
> On the list of features to build is an @ip operator to do this better,
> but really it is faster to do this from an external firewall.
> Another option is @rbl.
> And yet another option if you are a developer is to build your own
> custom operator with the API.
> > 2. Can we give externally a list of IPs to the core rule set for it to
> > block or allow access? 3. Is it possible to make Mod Security refresh its
> > white list or black list of IPs in real time?
> You can if you build your own RBL and use the @rbl operator.
> > 4. How can we update our customized rule set dynamically? Does it require
> > the apache server to restart?
> It requires a reload (ie "graceful") as it is part of the Apache config.
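
The matching behaviours discussed in this thread, as an added example that is not part of either poster's message or of ModSecurity itself: it compares an unbounded phrase match against the anchored regex form quoted above, and against a phrase list padded with spaces. Assumptions: phrase matching is modelled as a plain substring search, the compared address carries no surrounding whitespace unless the caller adds it, the function names are hypothetical, and every address other than 1.2.3.4 and 5.6.7.8 is constructed.

```python
import ipaddress
import re

BLOCKLIST = ["1.2.3.4", "5.6.7.8"]  # the two addresses used in the thread


def phrase_match(phrases, value):
    """Model of an unbounded phrase match: hit if any phrase occurs anywhere in value."""
    return any(p in value for p in phrases)


def anchored_ip_regex(ips):
    """Build the ^(?:a|b)$ alternation from the thread, escaping dots so they match literally."""
    for ip in ips:
        ipaddress.IPv4Address(ip)  # raises ValueError on a malformed list entry
    return "^(?:" + "|".join(re.escape(ip) for ip in ips) + ")$"


def regex_match(ips, value):
    """True only when value is exactly one of the listed addresses."""
    return re.search(anchored_ip_regex(ips), value) is not None


def padded(ips):
    """Phrase list with one leading and one trailing space around each IP."""
    return [f" {ip} " for ip in ips]


if __name__ == "__main__":
    print(anchored_ip_regex(BLOCKLIST))
    # Constructed client addresses: one listed, three that merely contain a listed one.
    for addr in ["1.2.3.4", "11.2.3.4", "1.2.3.45", "215.6.7.89"]:
        print(
            f"{addr:11}"
            f" phrase={phrase_match(BLOCKLIST, addr)!s:5}"
            f" regex={regex_match(BLOCKLIST, addr)!s:5}"
            # Padded phrases against the bare address (assumed to have no spaces).
            f" padded={phrase_match(padded(BLOCKLIST), addr)!s:5}"
            # Padded phrases against an address the caller has also padded.
            f" padded_both={phrase_match(padded(BLOCKLIST), f' {addr} ')}"
        )
```

In this model the padded list is bounded only when the compared value is padded the same way; against a bare address it matches nothing, including the listed addresses.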