[Modsecurity] Rules for rulsets
Chris H.
fbsd at 1command.com
Fri Jun 23 04:33:21 EDT 2006
Greetings,
I have a question regarding the required syntax for rulesets.
I have been previously been using deny, allow rules for rouge
IP's and currently have a list of approximately 500 current and
verified offenders. With the deny,allow syntax rules, it is possible
to simply string them in a space seperated list with double quotes
on either end - eg; "xx.yyy.zz.zzz xxx.xx.xxx.xxx yy.yy.yyyy.yy"
Is it possible to use a similar approach with rulesets in
mod_security? I can't imagine having to convert my current set
to:
SecFilterSelective "REMOTE_IP" "XX.XX.XXX.XX"
500 (and more) times. Can they be seperated by pipe, colon, or
space? As in:
SecFilterSelective "REMOTE_IP" "XX.XX.XXX.XX|YY.YYY.YY.YYY|ZZZ.ZZ.ZZ.ZZ"
SecFilterSelective "REMOTE_IP" "XX.XX.XXX.XX:YY.YYY.YY.YYY:ZZZ.ZZ.ZZ.ZZ"
SecFilterSelective "REMOTE_IP" "XX.XX.XXX.XX YY.YYY.YY.YYY ZZZ.ZZ.ZZ.ZZ"
or similar?
Thank you for all your time and consideration.
--Chris H.
--
panic: kernel trap (ignored)
-----------------------------------------------------------------
FreeBSD 5.4-RELEASE-p12 (SMP - 900x2) Tue Mar 7 19:37:23 PST 2006
/////////////////////////////////////////////////////////////////
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: PGP Digital Signature
Url : http://lists.gotroot.com/pipermail/modsecurity/attachments/20060623/4d234765/attachment.bin
More information about the Modsecurity
mailing list