Hi Josh,

Please, help me!

I used the rule below, but it is allowing everyone instead of 192.168.1.10.

SecRule REQUEST_URI "^/update.php"
id:1,phase:1,chain,allow,nolog,t:none,ctl:ruleEngine=off
   SecRule REMOTE_ADDR "^192\.168\.1\.10$" t:none

I'm looking for the solution on the internet, but I didn't find any solution :(


On Wed, Sep 5, 2012 at 10:15 AM, Leonardo Bacha Abrantes <
leona...@lbasolutions.com> wrote:

> Hi Josh,
>
> Many thanks!!!
>
> I solved the problem with:
>
> SecRule REQUEST_URI "^/update.php"
> id:1,phase:1,chain,allow,nolog,t:none,ctl:ruleEngine=off
>   SecRule REMOTE_ADDR "^192\.168\.1\.10$" t:none
>
>
>
>
> On Wed, Sep 5, 2012 at 9:09 AM, Josh Amishav-Zlatin <jam...@gmail.com> wrote:
>
>> On Wed, Sep 5, 2012 at 3:00 PM, Leonardo Bacha Abrantes <
>> leona...@lbasolutions.com> wrote:
>>
>>> Hey guys, good morning!
>>>
>>> I need to create a rule to allow access to update.php to a specific IP.
>>> I created the rules but I couldn't put them together.
>>> I didn't use removerulebyid because the rule will be totally ignored by
>>> modsecurity.
>>>
>>>
>>> SecRule REQUEST_URI "^/update.php"
>>> id:1,phase:1,log,allow,ctl:ruleEngine=off
>>> SecRule REMOTE_ADDR "^192.168.1.10"
>>> id:2,phase:1,log,allow,ctl:ruleEngine=off
>>>
>>
>>  Hi Leonardo,
>>
>> Take a look at the chain action:
>>
>> http://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Reference_Manual#chain
>>
>> Something like the following should work (not tested):
>> SecRule REQUEST_URI "^/update.php"
>> id:1,phase:1,log,allow,chain,ctl:ruleEngine=off
>>   SecRule REMOTE_ADDR "^192.168.1.10"
>>
>> --
>>  - Josh
>>
>>
>>> In the case above, either I allow everything to IP 192.168.1.10 or everyone
>>> can access update.php, so I tried this:
>>>
>>>
>>> SecRule REMOTE_ADDR|REQUEST_URI "^192.168.1.10" "^/update.php"
>>> id:1,phase:1,log,allow,ctl:ruleEngine=off
>>>
>>> I also tried:
>>>
>>> SecRule REMOTE_ADDR|REQUEST_URI "^192.168.1.10" "^/update.php"
>>> id:1,phase:1,log,allow,ctl:ruleEngine=off
>>> "phase:2,log,allow,ctl:ruleEngine=off"
>>>
>>> Both cases fail. How can I do that?
>>>
>>>
>>>
>>> many thanks!!
>>>
>>> _______________________________________________
>>> Owasp-modsecurity-core-rule-set mailing list
>>> Owasp-modsecurity-core-rule-set@lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
>>>
>>>
>>
>
_______________________________________________
Owasp-modsecurity-core-rule-set mailing list
Owasp-modsecurity-core-rule-set@lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
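
A corrected form of the chained rule at the top of this message, as an added example that is not from the thread: ModSecurity runs a non-disruptive action such as ctl as soon as the rule carrying it matches, so ctl:ruleEngine=off on the chain starter fires for every request to /update.php, whatever the client address. Moving it to the last rule of the chain ties it to the address check; the quoting, the escaped dot in the URI pattern and the backslash line continuations are assumptions about how the rule sits in the configuration file.

```apache
# Added example, not from the thread. Rule id, URI and address are the thread's own.
# First SecRule (chain starter): carries id, phase and the disruptive action
# "allow", which takes effect only once every rule in the chain has matched.
# Second SecRule (end of chain): its non-disruptive ctl action runs only when
# the starter matched AND the client address matched.
SecRule REQUEST_URI "^/update\.php" \
    "id:1,phase:1,t:none,nolog,allow,chain"
    SecRule REMOTE_ADDR "^192\.168\.1\.10$" \
        "t:none,ctl:ruleEngine=off"
```

After reloading the configuration, a request to /update.php from any other address should again be inspected by the remaining rules.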
