[Modsecurity] Rules for rulesets
Michael Shinn
mike at gotroot.com
Fri Jun 23 16:18:02 EDT 2006
Modsec rules are expressed as regular expressions. For example, a list
of OR cases would be (IP1|IP2|ip3|etc.), or you could use a range
1.2.3.[0-255]. And there are many other means by which you could do
this; as long as it's a valid regular expression it will work.
On Fri, 2006-06-23 at 01:33 -0700, Chris H. wrote:
> Greetings,
> I have a question regarding the required syntax for rulesets.
> I have previously been using deny, allow rules for rogue
> IPs and currently have a list of approximately 500 current and
> verified offenders. With the deny,allow syntax rules, it is possible
> to simply string them in a space separated list with double quotes
> on either end - e.g. "xx.yyy.zz.zzz xxx.xx.xxx.xxx yy.yy.yyyy.yy"
> Is it possible to use a similar approach with rulesets in
> mod_security? I can't imagine having to convert my current set
> to:
>
> SecFilterSelective "REMOTE_IP" "XX.XX.XXX.XX"
>
> 500 (and more) times. Can they be separated by pipe, colon, or
> space? As in:
>
> SecFilterSelective "REMOTE_IP" "XX.XX.XXX.XX|YY.YYY.YY.YYY|ZZZ.ZZ.ZZ.ZZ"
> SecFilterSelective "REMOTE_IP" "XX.XX.XXX.XX:YY.YYY.YY.YYY:ZZZ.ZZ.ZZ.ZZ"
> SecFilterSelective "REMOTE_IP" "XX.XX.XXX.XX YY.YYY.YY.YYY ZZZ.ZZ.ZZ.ZZ"
>
> or similar?
>
> Thank you for all your time and consideration.
>
> --Chris H.
--
Michael T. Shinn KeyID:0xDAE2EC86
Key Fingerprint: 1884 E657 A6DF DF1B BFB9 E2C5 DCC6 5297 DAE2 EC86
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xDAE2EC86
Got Root? http://www.gotroot.com
modsecurity rules: http://www.modsecurityrules.com
Troubleshooting Firewalls: http://troubleshootingfirewalls.com
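
An added example, not part of the original post or of ModSecurity: a generator that turns an address list into one pipe-separated pattern, escaping the dots and anchoring the expression so a blocked entry does not also match longer addresses, and that writes a last-octet range as a numeric alternation, because a bracket expression such as [0-255] matches a single character. The function names and sample addresses are constructed, the variable name "REMOTE_IP" is copied from the question as posted, and Python's re module stands in for the server's regex engine.

```python
import ipaddress
import re

# One IPv4 octet (0-255), in syntax shared by POSIX ERE, PCRE and Python's re.
OCTET = r"(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])"


def build_ip_regex(addresses):
    """Return an anchored alternation matching exactly the given IPv4 addresses."""
    escaped = []
    for addr in addresses:
        ip = ipaddress.IPv4Address(addr.strip())  # ValueError on a malformed entry
        escaped.append(str(ip).replace(".", r"\."))  # '.' must not act as a wildcard
    if not escaped:
        raise ValueError("empty address list")
    return "^(" + "|".join(sorted(set(escaped))) + ")$"


def build_prefix_regex(first_three_octets):
    """Return a regex for a whole /24, e.g. '192.0.2' covers 192.0.2.0-255."""
    ipaddress.IPv4Address(first_three_octets + ".0")  # validate the prefix
    return "^" + first_three_octets.replace(".", r"\.") + r"\." + OCTET + "$"


def rule_line(pattern, variable="REMOTE_IP"):
    """Format the directive as written in the question (variable name as posted)."""
    return 'SecFilterSelective "%s" "%s"' % (variable, pattern)


def matches(pattern, remote_addr):
    """True if the pattern matches anywhere in the address string."""
    return re.search(pattern, remote_addr) is not None


if __name__ == "__main__":
    # Constructed sample list using documentation address ranges.
    blocked = ["192.0.2.10", "198.51.100.7", "203.0.113.254"]
    print(rule_line(build_ip_regex(blocked)))
    print(rule_line(build_prefix_regex("192.0.2")))
```
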