ModSecurity Breach

ModSecurity Blog

« Cookie parsing added | Main | Converted Snort rules to mod_security rules »

Enhanced rules now available

The last change before the 1.7 release is now in the CVS. I have refactored the code dealing with rule processing, and added three new actions: allow, skipnext, and chain. Allow enables you to stop rules processing on a single rule match, and let the request through. With skipnext you can skip one or more rules. Finally, the chain action is used to chain several filters together, essentially a logical AND. The final rule in the chain will be processed only if all rules before it match. These rules make mod_security much more fun to play with.

So, let's say that you want to restrict administration access to an application but you can't do it with standard Apache directives because the admin shares the same login panel as other users. No problem:

SecFilterSelective ARG_username admin chain
SecFilterSelective REMOTE_ADDR "!^YOUR_IP_ADDRESS_HERE$"

Calendar

November 2010
Sun Mon Tue Wed Thu Fri Sat
1 2 3 4 5 6
7 8 9 10 11 12 13
14 15 16 17 18 19 20
21 22 23 24 25 26 27
28 29 30

Feeds

Atom Feed

Search

Categories

Recent Entries

Archives