[Modsecurity] (GET|HEAD|POST|PUT|PROPFIND|OPTIONS|SEARCH) -
How to prevent?
Michael Shinn
mike at gotroot.com
Mon Jul 3 09:23:44 EDT 2006
On Sun, 2006-07-02 at 17:22 -0700, Chris H. wrote:
> Greetings,
> I'm attempting to prevent the following request methods by selected IP's
> GET|HEAD|POST|PUT|PROPFIND|OPTIONS|SEARCH
>
> How can this be done?
>
> I already have the following for matching the IP's:
> SecFilterSelective REMOTE_ADDR
> "^(nnn.nn.nnn.nnn|nnn.nn.nn.nn|nn.nnn.mmm.nnn)$" \
> "action(s)"
It sounds like what you might want is a chain. You can link rules
together by adding chain as the action for the rule. Example:
SecFilter foo chain
SecFilter bar
So in your case, something like this should work (YMMV, please test
first):
SecFilterSelective REMOTE_ADDR "^(nnn.nn.nnn.nnn|nnn.nn.nn.nn|
nn.nnn.mmm.nnn)$" chain
SecFilterSelective HTTP_METHOD "(GET|HEAD|POST|PUT|PROPFIND|OPTIONS|
SEARCH)" "actions"
>
> Thank you for all your time and consideration.
>
>
> _______________________________________________
> Modsecurity mailing list
> Modsecurity at gotroot.com
> http://lists.gotroot.com/mailman/listinfo/modsecurity
--
Michael T. Shinn KeyID:0xDAE2EC86
Key Fingerprint: 1884 E657 A6DF DF1B BFB9 E2C5 DCC6 5297 DAE2 EC86
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xDAE2EC86
Got Root? http://www.gotroot.com
modsecurity rules: http://www.modsecurityrules.com
Troubleshooting Firewalls: http://troubleshootingfirewalls.com
More information about the Modsecurity
mailing list