Christian not sure if you missed this as Gary had replied? Gary, the key issue is this:
> [04/Apr/2016:15:18:17 +0100] > [windchill-test.ricardo.com/sid#10af9e8][rid#7fc1ec0340f0][/Windchill/app/][4] > Executing operator "contains" with param "admin:" against > REQUEST_HEADERS:Authorization. <snip> > [04/Apr/2016:15:18:17 +0100] > [windchill-test.ricardo.com/sid#10af9e8][rid#7fc1ec0340f0][/Windchill/app/][4] > Rule returned 0. So your rule is not matching for some reason. I would suggest you turn the audit engine on to capture all request: SecAuditEngine On And then see if this Authorization header is included, with a value containing admin, by looking in the audit log. Alternatively write another rule that matches always: SecRule "REQUEST_URI" "." "phase:2,id:2,t:base64Decode,log,auditlog,allow" And again check audit log to see if the Authorization header is included, with a value containing admin. By the way phase 2 (REQUEST_BODY) also includes phase 1 (REQUEST_HEADER) details. You could move your rule to phase 1 and it will execute earlier which might save you needlessly attempting other phase 2 rules if it fails, but this is not the reason for your failure here. Hope that helps. Thanks, Barry ---------------------------------------- > From: gary.mans...@ricardo.com > To: csand...@trustwave.com; owasp-modsecurity-core-rule-set@lists.owasp.org > Date: Mon, 4 Apr 2016 14:28:26 +0000 > Subject: Re: [Owasp-modsecurity-core-rule-set] Is it possible to use > modsecurity rules to prevent logins by specific user accounts? > > I have got some debug logs, but am not certain how what they are telling me - > I wonder if anyone can advise me on this? > > I have just the one rule in my config now: > > SecRule "REQUEST_HEADERS:Authorization" "@contains admin:" > "phase:2,log,auditlog,id:1,t:base64Decode,deny,status:403" > > I started a fresh apache session with empty debug log, and accessed the web > application from a fresh browser session (15:18:06) and was prompted to enter > username and password. I entered the username grmawcadmin and the password > and this shows at 15:18:07 in the log below. > > As far as I can see, it does not seem to run the rule in the REQUEST_HEADERS > section, but rather at the REQUEST_BODY - is this what is the problem - ie it > is checking for the admin string in the REQUEST_BODY rather than the > REQUEST_HEADER > > I would gladly appreciate some help on this, as I am rather stuck. > > Rgds > > Gary > > > [04/Apr/2016:15:18:06 +0100] > [windchill-test.ricardo.com/sid#10af9e8][rid#7fc1ec0098b0][/Windchill/app/][4] > Initialising transaction (txid VwJ3nsCoAUcAABgZAbQAAACX). > [04/Apr/2016:15:18:06 +0100] > [windchill-test.ricardo.com/sid#10af9e8][rid#7fc1ec0098b0][/Windchill/app/][5] > Adding request cookie: name "__utma", value > "1.1672802757.1445242759.1445242759.1456313530.2" > [04/Apr/2016:15:18:06 +0100] > [windchill-test.ricardo.com/sid#10af9e8][rid#7fc1ec0098b0][/Windchill/app/][5] > Adding request cookie: name "__utmz", value > "1.1445242759.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)" > [04/Apr/2016:15:18:06 +0100] > [windchill-test.ricardo.com/sid#10af9e8][rid#7fc1ec0098b0][/Windchill/app/][4] > Transaction context created (dcfg 1039140). > [04/Apr/2016:15:18:06 +0100] > [windchill-test.ricardo.com/sid#10af9e8][rid#7fc1ec0098b0][/Windchill/app/][4] > Starting phase REQUEST_HEADERS. > [04/Apr/2016:15:18:06 +0100] > [windchill-test.ricardo.com/sid#10af9e8][rid#7fc1ec0098b0][/Windchill/app/][9] > This phase consists of 0 rule(s). > [04/Apr/2016:15:18:06 +0100] > [windchill-test.ricardo.com/sid#10af9e8][rid#7fc1ec0098b0][/Windchill/app/][4] > Second phase starting (dcfg 1039140). > [04/Apr/2016:15:18:06 +0100] > [windchill-test.ricardo.com/sid#10af9e8][rid#7fc1ec0098b0][/Windchill/app/][4] > Input filter: This request does not have a body. > [04/Apr/2016:15:18:06 +0100] > [windchill-test.ricardo.com/sid#10af9e8][rid#7fc1ec0098b0][/Windchill/app/][4] > Starting phase REQUEST_BODY. > [04/Apr/2016:15:18:06 +0100] > [windchill-test.ricardo.com/sid#10af9e8][rid#7fc1ec0098b0][/Windchill/app/][9] > This phase consists of 1 rule(s). > [04/Apr/2016:15:18:06 +0100] > [windchill-test.ricardo.com/sid#10af9e8][rid#7fc1ec0098b0][/Windchill/app/][4] > Recipe: Invoking rule 109b5e8; [file > "/opt/ptc/HTTPServer/conf/crs/ricardo.conf"] [line "11"] [id "1"]. > [04/Apr/2016:15:18:06 +0100] > [windchill-test.ricardo.com/sid#10af9e8][rid#7fc1ec0098b0][/Windchill/app/][5] > Rule 109b5e8: SecRule "REQUEST_HEADERS:Authorization" "@contains admin:" > "phase:2,log,auditlog,id:1,t:base64Decode,deny,status:403" > [04/Apr/2016:15:18:06 +0100] > [windchill-test.ricardo.com/sid#10af9e8][rid#7fc1ec0098b0][/Windchill/app/][4] > Rule returned 0. > [04/Apr/2016:15:18:06 +0100] > [windchill-test.ricardo.com/sid#10af9e8][rid#7fc1ec0098b0][/Windchill/app/][9] > No match, not chained -> mode NEXT_RULE. > [04/Apr/2016:15:18:06 +0100] > [windchill-test.ricardo.com/sid#10af9e8][rid#7fc1ec0098b0][/Windchill/app/][4] > Hook insert_filter: Adding output filter (r 7fc1ec0098b0). > [04/Apr/2016:15:18:06 +0100] > [windchill-test.ricardo.com/sid#10af9e8][rid#7fc1ec0098b0][/Windchill/app/][9] > Output filter: Receiving output (f 7fc1ec01d9e8, r 7fc1ec0098b0). > [04/Apr/2016:15:18:06 +0100] > [windchill-test.ricardo.com/sid#10af9e8][rid#7fc1ec0098b0][/Windchill/app/][4] > Starting phase RESPONSE_HEADERS. > [04/Apr/2016:15:18:06 +0100] > [windchill-test.ricardo.com/sid#10af9e8][rid#7fc1ec0098b0][/Windchill/app/][9] > This phase consists of 0 rule(s). > [04/Apr/2016:15:18:06 +0100] > [windchill-test.ricardo.com/sid#10af9e8][rid#7fc1ec0098b0][/Windchill/app/][9] > Content Injection: Not enabled. > [04/Apr/2016:15:18:06 +0100] > [windchill-test.ricardo.com/sid#10af9e8][rid#7fc1ec0098b0][/Windchill/app/][9] > Output filter: Bucket type TRANSIENT contains 10 bytes. > [04/Apr/2016:15:18:06 +0100] > [windchill-test.ricardo.com/sid#10af9e8][rid#7fc1ec0098b0][/Windchill/app/][9] > Output filter: Receiving output (f 7fc1ec01d9e8, r 7fc1ec0098b0). > [04/Apr/2016:15:18:06 +0100] > [windchill-test.ricardo.com/sid#10af9e8][rid#7fc1ec0098b0][/Windchill/app/][9] > Output filter: Bucket type TRANSIENT contains 624 bytes. > [04/Apr/2016:15:18:06 +0100] > [windchill-test.ricardo.com/sid#10af9e8][rid#7fc1ec0098b0][/Windchill/app/][9] > Output filter: Receiving output (f 7fc1ec01d9e8, r 7fc1ec0098b0). > [04/Apr/2016:15:18:06 +0100] > [windchill-test.ricardo.com/sid#10af9e8][rid#7fc1ec0098b0][/Windchill/app/][9] > Output filter: Bucket type TRANSIENT contains 8 bytes. > [04/Apr/2016:15:18:06 +0100] > [windchill-test.ricardo.com/sid#10af9e8][rid#7fc1ec0098b0][/Windchill/app/][9] > Output filter: Bucket type EOS contains 0 bytes. > [04/Apr/2016:15:18:06 +0100] > [windchill-test.ricardo.com/sid#10af9e8][rid#7fc1ec0098b0][/Windchill/app/][4] > Output filter: Completed receiving response body (buffered full - 642 bytes). > [04/Apr/2016:15:18:06 +0100] > [windchill-test.ricardo.com/sid#10af9e8][rid#7fc1ec0098b0][/Windchill/app/][4] > Starting phase RESPONSE_BODY. > [04/Apr/2016:15:18:06 +0100] > [windchill-test.ricardo.com/sid#10af9e8][rid#7fc1ec0098b0][/Windchill/app/][9] > This phase consists of 0 rule(s). > [04/Apr/2016:15:18:06 +0100] > [windchill-test.ricardo.com/sid#10af9e8][rid#7fc1ec0098b0][/Windchill/app/][4] > Output filter: Output forwarding complete. > [04/Apr/2016:15:18:06 +0100] > [windchill-test.ricardo.com/sid#10af9e8][rid#7fc1ec0098b0][/Windchill/app/][4] > Initialising logging. > [04/Apr/2016:15:18:06 +0100] > [windchill-test.ricardo.com/sid#10af9e8][rid#7fc1ec0098b0][/Windchill/app/][4] > Starting phase LOGGING. > [04/Apr/2016:15:18:06 +0100] > [windchill-test.ricardo.com/sid#10af9e8][rid#7fc1ec0098b0][/Windchill/app/][9] > This phase consists of 0 rule(s). > [04/Apr/2016:15:18:06 +0100] > [windchill-test.ricardo.com/sid#10af9e8][rid#7fc1ec0098b0][/Windchill/app/][4] > Recording persistent data took 0 microseconds. > [04/Apr/2016:15:18:06 +0100] > [windchill-test.ricardo.com/sid#10af9e8][rid#7fc1ec0098b0][/Windchill/app/][4] > Audit log: Not configured to run for this request. > [04/Apr/2016:15:18:17 +0100] > [windchill-test.ricardo.com/sid#10af9e8][rid#7fc1ec0340f0][/Windchill/app/][4] > Initialising transaction (txid VwJ3qcCoAUcAABgZAbUAAACX). > [04/Apr/2016:15:18:17 +0100] > [windchill-test.ricardo.com/sid#10af9e8][rid#7fc1ec0340f0][/Windchill/app/][5] > Adding request cookie: name "__utma", value > "1.1672802757.1445242759.1445242759.1456313530.2" > [04/Apr/2016:15:18:17 +0100] > [windchill-test.ricardo.com/sid#10af9e8][rid#7fc1ec0340f0][/Windchill/app/][5] > Adding request cookie: name "__utmz", value > "1.1445242759.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)" > [04/Apr/2016:15:18:17 +0100] > [windchill-test.ricardo.com/sid#10af9e8][rid#7fc1ec0340f0][/Windchill/app/][4] > Transaction context created (dcfg 1039140). > [04/Apr/2016:15:18:17 +0100] > [windchill-test.ricardo.com/sid#10af9e8][rid#7fc1ec0340f0][/Windchill/app/][4] > Starting phase REQUEST_HEADERS. > [04/Apr/2016:15:18:17 +0100] > [windchill-test.ricardo.com/sid#10af9e8][rid#7fc1ec0340f0][/Windchill/app/][9] > This phase consists of 0 rule(s). > [04/Apr/2016:15:18:17 +0100] > [windchill-test.ricardo.com/sid#10af9e8][rid#7fc1ec0340f0][/Windchill/app/][4] > Second phase starting (dcfg 1039140). > [04/Apr/2016:15:18:17 +0100] > [windchill-test.ricardo.com/sid#10af9e8][rid#7fc1ec0340f0][/Windchill/app/][4] > Input filter: This request does not have a body. > [04/Apr/2016:15:18:17 +0100] > [windchill-test.ricardo.com/sid#10af9e8][rid#7fc1ec0340f0][/Windchill/app/][4] > Starting phase REQUEST_BODY. > [04/Apr/2016:15:18:17 +0100] > [windchill-test.ricardo.com/sid#10af9e8][rid#7fc1ec0340f0][/Windchill/app/][9] > This phase consists of 1 rule(s). > [04/Apr/2016:15:18:17 +0100] > [windchill-test.ricardo.com/sid#10af9e8][rid#7fc1ec0340f0][/Windchill/app/][4] > Recipe: Invoking rule 109b5e8; [file > "/opt/ptc/HTTPServer/conf/crs/ricardo.conf"] [line "11"] [id "1"]. > [04/Apr/2016:15:18:17 +0100] > [windchill-test.ricardo.com/sid#10af9e8][rid#7fc1ec0340f0][/Windchill/app/][5] > Rule 109b5e8: SecRule "REQUEST_HEADERS:Authorization" "@contains admin:" > "phase:2,log,auditlog,id:1,t:base64Decode,deny,status:403" > [04/Apr/2016:15:18:17 +0100] > [windchill-test.ricardo.com/sid#10af9e8][rid#7fc1ec0340f0][/Windchill/app/][9] > T (0) base64Decode: "\x05\xab"" > [04/Apr/2016:15:18:17 +0100] > [windchill-test.ricardo.com/sid#10af9e8][rid#7fc1ec0340f0][/Windchill/app/][4] > Transformation completed in 24 usec. > [04/Apr/2016:15:18:17 +0100] > [windchill-test.ricardo.com/sid#10af9e8][rid#7fc1ec0340f0][/Windchill/app/][4] > Executing operator "contains" with param "admin:" against > REQUEST_HEADERS:Authorization. > [04/Apr/2016:15:18:17 +0100] > [windchill-test.ricardo.com/sid#10af9e8][rid#7fc1ec0340f0][/Windchill/app/][9] > Target value: "\x05\xab"" > [04/Apr/2016:15:18:17 +0100] > [windchill-test.ricardo.com/sid#10af9e8][rid#7fc1ec0340f0][/Windchill/app/][4] > Operator completed in 7 usec. > [04/Apr/2016:15:18:17 +0100] > [windchill-test.ricardo.com/sid#10af9e8][rid#7fc1ec0340f0][/Windchill/app/][4] > Rule returned 0. > [04/Apr/2016:15:18:17 +0100] > [windchill-test.ricardo.com/sid#10af9e8][rid#7fc1ec0340f0][/Windchill/app/][9] > No match, not chained -> mode NEXT_RULE. > [04/Apr/2016:15:18:17 +0100] > [windchill-test.ricardo.com/sid#10af9e8][rid#7fc1ec0340f0][/Windchill/app/][4] > Hook insert_filter: Adding output filter (r 7fc1ec0340f0). > [04/Apr/2016:15:18:17 +0100] > [windchill-test.ricardo.com/sid#10af9e8][rid#7fc1ec0340f0][/Windchill/app/][9] > Output filter: Receiving output (f 7fc1ec01d9e8, r 7fc1ec0340f0). > [04/Apr/2016:15:18:17 +0100] > [windchill-test.ricardo.com/sid#10af9e8][rid#7fc1ec0340f0][/Windchill/app/][4] > Starting phase RESPONSE_HEADERS. > [04/Apr/2016:15:18:17 +0100] > [windchill-test.ricardo.com/sid#10af9e8][rid#7fc1ec0340f0][/Windchill/app/][9] > This phase consists of 0 rule(s). > [04/Apr/2016:15:18:17 +0100] > [windchill-test.ricardo.com/sid#10af9e8][rid#7fc1ec0340f0][/Windchill/app/][9] > Content Injection: Not enabled. > [04/Apr/2016:15:18:17 +0100] > [windchill-test.ricardo.com/sid#10af9e8][rid#7fc1ec0340f0][/Windchill/app/][9] > Output filter: Bucket type TRANSIENT contains 1591 bytes. > [04/Apr/2016:15:18:17 +0100] > [windchill-test.ricardo.com/sid#10af9e8][rid#7fc1ec0340f0][/Windchill/app/][9] > Output filter: Receiving output (f 7fc1ec01d9e8, r 7fc1ec0340f0). > [04/Apr/2016:15:18:17 +0100] > [windchill-test.ricardo.com/sid#10af9e8][rid#7fc1ec0340f0][/Windchill/app/][9] > Output filter: Bucket type TRANSIENT contains 1295 bytes. > [04/Apr/2016:15:18:17 +0100] > [windchill-test.ricardo.com/sid#10af9e8][rid#7fc1ec0340f0][/Windchill/app/][9] > Output filter: Receiving output (f 7fc1ec01d9e8, r 7fc1ec0340f0). > [04/Apr/2016:15:18:17 +0100] > [windchill-test.ricardo.com/sid#10af9e8][rid#7fc1ec0340f0][/Windchill/app/][9] > Output filter: Bucket type FLUSH contains 0 bytes. > [04/Apr/2016:15:18:17 +0100] > [windchill-test.ricardo.com/sid#10af9e8][rid#7fc1ec0340f0][/Windchill/app/][9] > Output filter: Receiving output (f 7fc1ec01d9e8, r 7fc1ec0340f0). > [04/Apr/2016:15:18:17 +0100] > [windchill-test.ricardo.com/sid#10af9e8][rid#7fc1ec0340f0][/Windchill/app/][9] > Output filter: Bucket type TRANSIENT contains 8184 bytes. > [04/Apr/2016:15:18:17 +0100] > [windchill-test.ricardo.com/sid#10af9e8][rid#7fc1ec0340f0][/Windchill/app/][9] > Output filter: Receiving output (f 7fc1ec01d9e8, r 7fc1ec0340f0). > [04/Apr/2016:15:18:17 +0100] > [windchill-test.ricardo.com/sid#10af9e8][rid#7fc1ec0340f0][/Windchill/app/][9] > Output filter: Bucket type TRANSIENT contains 129 bytes. > [04/Apr/2016:15:18:17 +0100] > [windchill-test.ricardo.com/sid#10af9e8][rid#7fc1ec0340f0][/Windchill/app/][9] > Output filter: Receiving output (f 7fc1ec01d9e8, r 7fc1ec0340f0). > [04/Apr/2016:15:18:17 +0100] > [windchill-test.ricardo.com/sid#10af9e8][rid#7fc1ec0340f0][/Windchill/app/][9] > Output filter: Bucket type EOS contains 0 bytes. > [04/Apr/2016:15:18:17 +0100] > [windchill-test.ricardo.com/sid#10af9e8][rid#7fc1ec0340f0][/Windchill/app/][4] > Output filter: Completed receiving response body (buffered full - 11199 > bytes). > [04/Apr/2016:15:18:17 +0100] > [windchill-test.ricardo.com/sid#10af9e8][rid#7fc1ec0340f0][/Windchill/app/][4] > Starting phase RESPONSE_BODY. > [04/Apr/2016:15:18:17 +0100] > [windchill-test.ricardo.com/sid#10af9e8][rid#7fc1ec0340f0][/Windchill/app/][9] > This phase consists of 0 rule(s). > [04/Apr/2016:15:18:17 +0100] > [windchill-test.ricardo.com/sid#10af9e8][rid#7fc1ec0340f0][/Windchill/app/][4] > Output filter: Output forwarding complete. > [04/Apr/2016:15:18:17 +0100] > [windchill-test.ricardo.com/sid#10af9e8][rid#7fc1ec0340f0][/Windchill/app/][4] > Initialising logging. > [04/Apr/2016:15:18:17 +0100] > [windchill-test.ricardo.com/sid#10af9e8][rid#7fc1ec0340f0][/Windchill/app/][4] > Starting phase LOGGING. > [04/Apr/2016:15:18:17 +0100] > [windchill-test.ricardo.com/sid#10af9e8][rid#7fc1ec0340f0][/Windchill/app/][9] > This phase consists of 0 rule(s). > [04/Apr/2016:15:18:17 +0100] > [windchill-test.ricardo.com/sid#10af9e8][rid#7fc1ec0340f0][/Windchill/app/][4] > Recording persistent data took 0 microseconds. > [04/Apr/2016:15:18:17 +0100] > [windchill-test.ricardo.com/sid#10af9e8][rid#7fc1ec0340f0][/Windchill/app/][4] > Audit log: Not configured to run for this request. > > > > > > > > > > > > -----Original Message----- > From: Chaim Sanders [mailto:csand...@trustwave.com] > Sent: 31 March 2016 17:33 > To: Mansell, Gary <gary.mans...@ricardo.com>; > owasp-modsecurity-core-rule-set@lists.owasp.org > Subject: RE: [Owasp-modsecurity-core-rule-set] Is it possible to use > modsecurity rules to prevent logins by specific user accounts? > > Hey Gary, > While I'm not sure what's going wrong with your rule I suggest you check out > the debug log... it will usually contain valuable information to help you > debug your issues :). Maybe someone else will be able to spot the issue. > > -----Original Message----- > From: Mansell, Gary [mailto:gary.mans...@ricardo.com] > Sent: Thursday, March 31, 2016 12:31 PM > To: Chaim Sanders <csand...@trustwave.com>; > owasp-modsecurity-core-rule-set@lists.owasp.org > Subject: Re: [Owasp-modsecurity-core-rule-set] Is it possible to use > modsecurity rules to prevent logins by specific user accounts? > > Is there no one who can help me further on this, as it seems exactly the sort > of thing that modsecurity should be able to do (but I am struggling with)? > > All of my Web Application admin accounts end in the string "admin", and I > would like to be able to use a modsecurity rule on the reverse proxy server > in the DMZ to prevent any admin logins (as admins should only ever login > directly via the internal apache server rather than the reverse proxy)? > > It is my understanding that even though this is a https request, as this > application uses basic authentication, every request via the reverse apache > server includes a base64 encoded username and password in the authorisation > header - I can't understand why I can't block this with a simple modsecurity > rule. > > The rule suggestion that I was sent by Chaim seems to make sense to me, but I > just can't get it to work - it seems to be looking to deny any request with > authorization Header containing the string "admin:" > > SecRule REQUEST_HEADERS:Authorization "@contains admin:" > "id:1,t:base64Decode,deny,status:403" > > Can anyone help me on this - is there just a simple typo in the rule perhaps? > Do I have to choose a unique ID value other than 1 (as I had the Owasp core > rule set configured too)? > > Rgds > > Gary > > > > > I have had a good crack at trying to get this to work, but to no avail, > unfortunately. > > SecRule REQUEST_HEADERS:Authorization "@contains admin:" > "id:1,t:base64Decode,deny,status:403" > > I tried changing the contains string to various things that may be relevant, > but still no joy. > > Is it perhaps because both the reverse proxy and the internal apache server > are configured for https? > > How do I tell whether my system is using base64 to encode the username in the > header? > > I have to say I am completely lost with this now, it seems like something > that modsecurity should be able to do, but I don't know where to start with > debugging, or testing this to get it to work? > > Any ideas anyone? > > Rgds > > Gary > > > -----Original Message----- > From: Chaim Sanders [mailto:csand...@trustwave.com] > Sent: 14 March 2016 15:58 > To: Mansell, Gary <gary.mans...@ricardo.com>; > owasp-modsecurity-core-rule-set@lists.owasp.org > Subject: RE: [Owasp-modsecurity-core-rule-set] Is it possible to use > modsecurity rules to prevent logins by specific user accounts? > > Hey Gary, > This Is actually a great question and should be very easily possible. > Typically Basic Authentication uses base64. So you could do something similar > to the following (untested) SecRule REQUEST_HEADERS:Authorization "@contains > admin:" "id:1, t:base64Decode,deny,status:403' > > -----Original Message----- > From: owasp-modsecurity-core-rule-set-boun...@lists.owasp.org > [mailto:owasp-modsecurity-core-rule-set-boun...@lists.owasp.org] On Behalf Of > Mansell, Gary > Sent: Monday, March 14, 2016 11:13 AM > To: owasp-modsecurity-core-rule-set@lists.owasp.org > Subject: [Owasp-modsecurity-core-rule-set] Is it possible to use modsecurity > rules to prevent logins by specific user accounts? > > Hi, > > I have an internal Web application that uses Apache Basic Authentication, > checking user account logins against an internal LDAP Server for > authentication. > > I am now looking to present this Web Application to whitelisted IP's on the > Internet, by means of a Reverse Proxy Apache Server in a DMZ with modsecurity > enabled and one of the free rulesets to protect the application being abused. > Both the Reverse Proxy and the Internal Apache server are configured for > https only. > > It occurs to me that Administrative users should never be able to login to > the Web Application from the via the Reverse Proxy Apache server - I hence > wonder if it is possible to use modsecurity on the Reverse Apache server to > prevent specific Admin user accounts from logging in to the Web Application? > > If so, please can someone point me in the direction of how I might achieve > this? > > Thanks > > Gary > > > > -------------------------------------------------------------------------------------------------------------------------------------------------------------- > This e-mail and any files transmitted with it are confidential and intended > solely for the use of the individual or entity to whom they are addressed. If > you have received this e-mail in error please notify the sender immediately > and delete this e-mail from your system. > Please note that any views or opinions presented in this e-mail are solely > those of the author and do not necessarily represent those of Ricardo (save > for reports and other documentation formally approved and signed for release > to the intended recipient). Only Directors are authorised to enter into > legally binding obligations on behalf of Ricardo. Ricardo may monitor > outgoing and incoming e-mails and other telecommunications systems. By > replying to this e-mail you give consent to such monitoring. The recipient > should check e-mail and any attachments for the presence of viruses. Ricardo > accepts no liability for any damage caused by any virus transmitted by this > e-mail. > "Ricardo" means Ricardo plc and its subsidiary companies. > Ricardo plc is a public limited company registered in England with registered > number 00222915. > The registered office of Ricardo plc is Shoreham Technical Centre, > Shoreham-by Sea, West Sussex, BN43 5FG. > -------------------------------------------------------------------------------------------------------------------------------------------------------------- > _______________________________________________ > Owasp-modsecurity-core-rule-set mailing list > Owasp-modsecurity-core-rule-set@lists.owasp.org > http://scanmail.trustwave.com/?c=4062&d=wND91tX1TZq0UB15loWcH4RfFlxJe-IvfXYgFS8s2g&s=5&u=https%3a%2f%2flists%2eowasp%2eorg%2fmailman%2flistinfo%2fowasp-modsecurity-core-rule-set > > ________________________________ > > This transmission may contain information that is privileged, confidential, > and/or exempt from disclosure under applicable law. If you are not the > intended recipient, you are hereby notified that any disclosure, copying, > distribution, or use of the information contained herein (including any > reliance thereon) is strictly prohibited. If you received this transmission > in error, please immediately contact the sender and destroy the material in > its entirety, whether in electronic or hard copy format. > > -------------------------------------------------------------------------------------------------------------------------------------------------------------- > This e-mail and any files transmitted with it are confidential and intended > solely for the use of the individual or entity to whom they are addressed. If > you have received this e-mail in error please notify the sender immediately > and delete this e-mail from your system. > Please note that any views or opinions presented in this e-mail are solely > those of the author and do not necessarily represent those of Ricardo (save > for reports and other documentation formally approved and signed for release > to the intended recipient). Only Directors are authorised to enter into > legally binding obligations on behalf of Ricardo. Ricardo may monitor > outgoing and incoming e-mails and other telecommunications systems. By > replying to this e-mail you give consent to such monitoring. The recipient > should check e-mail and any attachments for the presence of viruses. Ricardo > accepts no liability for any damage caused by any virus transmitted by this > e-mail. > "Ricardo" means Ricardo plc and its subsidiary companies. > Ricardo plc is a public limited company registered in England with registered > number 00222915. > The registered office of Ricardo plc is Shoreham Technical Centre, > Shoreham-by Sea, West Sussex, BN43 5FG. > -------------------------------------------------------------------------------------------------------------------------------------------------------------- > _______________________________________________ > Owasp-modsecurity-core-rule-set mailing list > Owasp-modsecurity-core-rule-set@lists.owasp.org > http://scanmail.trustwave.com/?c=4062&d=wND91tX1TZq0UB15loWcH4RfFlxJe-IvfXYgFS8s2g&s=5&u=https%3a%2f%2flists%2eowasp%2eorg%2fmailman%2flistinfo%2fowasp-modsecurity-core-rule-set > > -------------------------------------------------------------------------------------------------------------------------------------------------------------- > This e-mail and any files transmitted with it are confidential and intended > solely for the use of the individual or entity to whom they are addressed. If > you have received this e-mail in error please notify the sender immediately > and delete this e-mail from your system. > Please note that any views or opinions presented in this e-mail are solely > those of the author and do not necessarily represent those of Ricardo (save > for reports and other documentation formally approved and signed for release > to the intended recipient). Only Directors are authorised to enter into > legally binding obligations on behalf of Ricardo. Ricardo may monitor > outgoing and incoming e-mails and other telecommunications systems. By > replying to this e-mail you give consent to such monitoring. The recipient > should check e-mail and any attachments for the presence of viruses. Ricardo > accepts no liability for any damage caused by any virus transmitted by this > e-mail. > "Ricardo" means Ricardo plc and its subsidiary companies. > Ricardo plc is a public limited company registered in England with registered > number 00222915. > The registered office of Ricardo plc is Shoreham Technical Centre, > Shoreham-by Sea, West Sussex, BN43 5FG. > -------------------------------------------------------------------------------------------------------------------------------------------------------------- > > ________________________________ > > This transmission may contain information that is privileged, confidential, > and/or exempt from disclosure under applicable law. If you are not the > intended recipient, you are hereby notified that any disclosure, copying, > distribution, or use of the information contained herein (including any > reliance thereon) is strictly prohibited. If you received this transmission > in error, please immediately contact the sender and destroy the material in > its entirety, whether in electronic or hard copy format. > > -------------------------------------------------------------------------------------------------------------------------------------------------------------- > This e-mail and any files transmitted with it are confidential and intended > solely for the use of the individual or entity to whom they are > addressed. If you have received this e-mail in error please notify the sender > immediately and delete this e-mail from your system. > Please note that any views or opinions presented in this e-mail are solely > those of the author and do not necessarily represent those > of Ricardo (save for reports and other documentation formally approved and > signed for release to the intended recipient). Only Directors > are authorised to enter into legally binding obligations on behalf of > Ricardo. Ricardo may monitor outgoing and incoming e-mails and > other telecommunications systems. By replying to this e-mail you give consent > to such monitoring. The recipient should check e-mail and > any attachments for the presence of viruses. Ricardo accepts no liability for > any damage caused by any virus transmitted by this e-mail. > "Ricardo" means Ricardo plc and its subsidiary companies. > Ricardo plc is a public limited company registered in England with registered > number 00222915. > The registered office of Ricardo plc is Shoreham Technical Centre, > Shoreham-by Sea, West Sussex, BN43 5FG. > -------------------------------------------------------------------------------------------------------------------------------------------------------------- > _______________________________________________ > Owasp-modsecurity-core-rule-set mailing list > Owasp-modsecurity-core-rule-set@lists.owasp.org > https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set _______________________________________________ Owasp-modsecurity-core-rule-set mailing list Owasp-modsecurity-core-rule-set@lists.owasp.org https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
