Mesra.net CEO | 2 Sep 02:40 2014
Picon

Upload Limit Rules

Dear All,
 
I’m looking the rule for allow upload for only specific country, for example I will allow only Japan to upload any type of files and the rest countries will Access denied.
 
Please help
------------------------------------------------------------------------------
Slashdot TV.  
Video for Nerds.  Stuff that matters.
http://tv.slashdot.org/
_______________________________________________
mod-security-users mailing list
mod-security-users <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-users
Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs:
http://www.modsecurity.org/projects/commercial/rules/
http://www.modsecurity.org/projects/commercial/support/
Júnior | 1 Sep 04:37 2014
Picon

web defense

 mod_security, which is a web application firewall, also known as WAF.

The mod_security is now supported by the SpiderLabs (http://blog.spiderlabs.com/), sustained by Truswave blog, one of the giants of the security team.

The mod_security is an opencsource WAF in my opinion loses nothing to the owners. He has paid some rules, developed by the staff of SiperLabs and has rules available for free on the OWASP site, but our intention is not to take anything but ready to understand how the tool works, to create our own rules.




http://webdefense.blogspot.com.br/2014/08/introduction-to-modsecurity-to-begin-i.html

--



------------------------------------------------------------------------------
Slashdot TV.  
Video for Nerds.  Stuff that matters.
http://tv.slashdot.org/
_______________________________________________
mod-security-users mailing list
mod-security-users <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-users
Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs:
http://www.modsecurity.org/projects/commercial/rules/
http://www.modsecurity.org/projects/commercial/support/
Dan Rowlands | 26 Aug 10:46 2014
Picon

multipart parser detected a possible unmatched boundary

Hi

I have changed SecRequestBodyLimit to something larger than the 13MB default to allow users to upload large files. This removes the upload limit restriction but the request then seems to fail on a new error:

"multipart parser detected a possible unmatched boundary"

This occurs after uploading a file from any browser. As far as I can tell there is not maximum request size set in Apache independently. After some searching the options I have found online are either to disable the rule entirely, or just log the rule violation but don't block the request. I was hoping someone here may have a better suggestion, or if not, could briefly explain the risk of disabling this particular rule.

Thanks,
Dan
------------------------------------------------------------------------------
Slashdot TV.  
Video for Nerds.  Stuff that matters.
http://tv.slashdot.org/
_______________________________________________
mod-security-users mailing list
mod-security-users <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-users
Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs:
http://www.modsecurity.org/projects/commercial/rules/
http://www.modsecurity.org/projects/commercial/support/
Ehsan Mahdavi | 22 Aug 15:35 2014
Picon

About comment spam and rbl checks

Hi



I have enabled modsecurity_crs_42_comment_spam.

According to the following rules, I think if the rbl check response for a specific IP is positive, the IP must not be checked for next 24 hours. But in my audit log I can see that the rule id 981138 is being fired simultaneously for the same IP and this means the rbl check for the same IP is being done in less than 24 hours (in my case every 3 to 5 minutes).

What is wrong?


P.S--
SecRule IP:PREVIOUS_RBL_CHECK " <at> eq 1" "phase:1,id:'981137',t:none,pass,nolog,skipAfter:END_RBL_LOOKUP"
  SecRule REMOTE_ADDR " <at> rbl sbl-xbl.spamhaus.org" "phase:1,id:'981138',t:none,pass,nolog,auditlog,msg:'RBL Match for SPAM Source',tag:'AUTOMATION/MALICIOUS',severity:'2',setvar:'tx.msg=%{rule.msg}',setvar:tx.automation_score=+%{tx.warning_anomaly_score},setvar:tx.anomaly_score=+%{tx.warning_anomaly_score},setvar:tx.%{rule.id}-AUTOMATION/MALICIOUS-%{matched_var_name}=%{matched_var},setvar:ip.spammer=1,expirevar:ip.spammer=86400,setvar:ip.previous_rbl_check=1,expirevar:ip.previous_rbl_check=86400,skipAfter:END_RBL_CHECK"

  SecAction "phase:1,id:'981139',t:none,nolog,pass,setvar:ip.previous_rbl_check=1,expirevar:ip.previous_rbl_check=86400"
SecMarker END_RBL_LOOKUP

SecRule IP:SPAMMER " <at> eq 1" "phase:1,id:'981140',t:none,pass,nolog,auditlog,msg:'Request from Known SPAM Source (Previous RBL Match)',tag:'AUTOMATION/MALICIOUS',severity:'2',setvar:'tx.msg=%{rule.msg}',setvar:tx.automation_score=+%{tx.warning_anomaly_score},setvar:tx.anomaly_score=+%{tx.warning_anomaly_score},setvar:tx.%{rule.id}-AUTOMATION/MALICIOUS-%{matched_var_name}=%{matched_var}"

SecMarker END_RBL_CHECK




--
                    regards
                 Ehsan.Mahdavi

------------------------------------------------------------------------------
Slashdot TV.  
Video for Nerds.  Stuff that matters.
http://tv.slashdot.org/
_______________________________________________
mod-security-users mailing list
mod-security-users <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-users
Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs:
http://www.modsecurity.org/projects/commercial/rules/
http://www.modsecurity.org/projects/commercial/support/
Ehsan Mahdavi | 22 Aug 15:12 2014
Picon

About SecDefaultAction


Hi,

I have a rule like this: SecRule "variable" "condition" "phase:1,block,...

Following the CRS10 example(2.2.9) I have two consecutive default actions like this:

SecDefaultAction "phase:1,deny,log"
SecDefaultAction "phase:2,deny,log"

I need to know:
1. Are both SecDefaultActions are working or just the latter one?
2. If the answer of above question is NO and If the rule matches, will modsecurity deny the transaction? (I ask because the rule performs in phase:1 and the latter SecDefaultAction is defined over the 2nd phase).

--
                    regards
                 Ehsan.Mahdavi

------------------------------------------------------------------------------
Slashdot TV.  
Video for Nerds.  Stuff that matters.
http://tv.slashdot.org/
_______________________________________________
mod-security-users mailing list
mod-security-users <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-users
Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs:
http://www.modsecurity.org/projects/commercial/rules/
http://www.modsecurity.org/projects/commercial/support/
Christopher Jay Manders | 15 Aug 00:30 2014
Picon

Re: Mlogc and Waf-fle logs

Hi,

You can have more than one...

SecAuditLog "|/usr/bin/mlogc /etc/mlogc.conf"
SecAuditLog2 /var/log/modsec/modsec_audit.log

Does that help?

Best,
-cjm

From: Wagner Queiroz <wmqueiroz <at> gmail.com>
Subject: [mod-security-users] Mlogc and Waf-fle logs
Date: 14August, 2014 at 13:34:45 PDT

Hi,

I need to storage default modsecurity format in my webserver.
When an event happens, the logs doen't stay local, the mlogc sends the logs to server via mlogc that has WAF-FLE installed.
The directories in /var/log/modsec/... are empty. The modsecurity create a directory with the date, but is all empty.
The modsecurity.conf is set Concurrent in SecAuditLogType.
If I extract the logs from the WAF-FLE database, the format isn't the modsecurity default.

Thanks,
Wagner
------------------------------------------------------------------------------
_______________________________________________
mod-security-users mailing list
mod-security-users <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-users
Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs:
http://www.modsecurity.org/projects/commercial/rules/
http://www.modsecurity.org/projects/commercial/support/


------------------------------------------------------------------------------
_______________________________________________
mod-security-users mailing list
mod-security-users <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-users
Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs:
http://www.modsecurity.org/projects/commercial/rules/
http://www.modsecurity.org/projects/commercial/support/
Wagner Queiroz | 14 Aug 22:34 2014
Picon

Mlogc and Waf-fle logs

Hi,

I need to storage default modsecurity format in my webserver.
When an event happens, the logs doen't stay local, the mlogc sends the logs to server via mlogc that has WAF-FLE installed.
The directories in /var/log/modsec/... are empty. The modsecurity create a directory with the date, but is all empty.
The modsecurity.conf is set Concurrent in SecAuditLogType.
If I extract the logs from the WAF-FLE database, the format isn't the modsecurity default.

Thanks,
Wagner
------------------------------------------------------------------------------
_______________________________________________
mod-security-users mailing list
mod-security-users <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-users
Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs:
http://www.modsecurity.org/projects/commercial/rules/
http://www.modsecurity.org/projects/commercial/support/
Paul Beckett | 12 Aug 08:01 2014

Segmentation Fault : modsecurity combined with proxy-balancer

My apache server has started segmentation faulting all the time (seems to log a segmentation fault every few requests to the apache error log):

[Fri Jul 25 06:25:42.046752 2014] [core:notice] [pid 11226:tid 140006078953216] AH00052: child pid 11715 exit signal Segmentation fault (11)

This initally appeared to be due to the number of proxy balancers I have configured (problem isn't related to any one specific proxy balancer, adding / removing any of the proxy balancers causes the problem to appear/disappear). I'm using Apache HTTPD as a reverse proxy for a lot of backend web application servers (~150 proxy-balancers, configured in apache httpd to load-balance web app servers). Following the infomation at http://httpd.apache.org/dev/debugging.html#backtrace I've obtained the following backtrace of one of the core dumps using gdb, which seems to point to something happening in modsecurity logging at the point of the segmenation fault?

(gdb) where
#0  apr_global_mutex_lock (mutex=0x0) at locks/unix/global_mutex.c:97
#1  0x00007ffe08a90e83 in sec_audit_logger (msr=0x7ffdac006328) at msc_logging.c:579
#2  0x00007ffe08a966f7 in modsecurity_process_phase_logging (msr=0x7ffdac006328, phase=<value optimized out>) at modsecurity.c:689
#3  modsecurity_process_phase (msr=0x7ffdac006328, phase=<value optimized out>) at modsecurity.c:795
#4  0x00007ffe08a6b68b in hook_log_transaction (r=0x7ffdac004980) at mod_security2.c:1202
#5  0x00000000004343f0 in ap_run_log_transaction (r=0x7ffdac004980) at protocol.c:1788
#6  0x000000000044571f in eor_bucket_cleanup (data=<value optimized out>) at eor_bucket.c:35
#7  0x00007ffe10040c6e in run_cleanups (pool=0x7ffdac004908) at memory/unix/apr_pools.c:2352
#8  apr_pool_destroy (pool=0x7ffdac004908) at memory/unix/apr_pools.c:804
#9  0x00007ffe0cb3b9b9 in ssl_io_filter_output (f=0x7ffdb4001240, bb=0x7ffd5c003d98) at ssl_engine_io.c:1659
#10 0x00007ffe0cb3c0f5 in ssl_io_filter_coalesce (f=0x7ffdb4001218, bb=0x7ffd5c003d98) at ssl_engine_io.c:1558
#11 0x000000000045fa5d in ap_process_request_after_handler (r=0x7ffdac004980) at http_request.c:256
#12 0x000000000045d040 in ap_process_http_async_connection (c=0x7ffdb4000cc0) at http_core.c:143
#13 ap_process_http_connection (c=0x7ffdb4000cc0) at http_core.c:228
#14 0x0000000000454b30 in ap_run_process_connection (c=0x7ffdb4000cc0) at connection.c:41
#15 0x00007ffe0eda17e1 in process_socket (thd=0x2047658, dummy=<value optimized out>) at event.c:970
#16 worker_thread (thd=0x2047658, dummy=<value optimized out>) at event.c:1815
#17 0x00007ffe0f9cf851 in start_thread () from /lib64/libpthread.so.0
#18 0x00007ffe0f71d90d in clone () from /lib64/libc.so.6

I am running Apache HTTPD 2.4.9 with mod-security 2.7.5 both built from source on RHEL6.

I would be incredibly grateful for any help or advice on resolving this.

Thanks,
Paul

------------------------------------------------------------------------------
_______________________________________________
mod-security-users mailing list
mod-security-users <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-users
Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs:
http://www.modsecurity.org/projects/commercial/rules/
http://www.modsecurity.org/projects/commercial/support/

modSecuitu + IIS : data encoding

Hi,

Can modsecurity encode the data received on the server and if so how can that be achieved?

 

Regards,

Sandeep


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Disclaimer~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Information contained and transmitted by this e-mail is confidential and proprietary to IGATE and its affiliates and is intended for use only by the recipient. If you are not the intended recipient, you are hereby notified that any dissemination, distribution, copying or use of this e-mail is strictly prohibited and you are requested to delete this e-mail immediately and notify the originator or mailadmin <at> igate.com. IGATE does not enter into any agreement with any party by e-mail. Any views expressed by an individual do not necessarily reflect the view of IGATE. IGATE is not responsible for the consequences of any actions taken on the basis of information provided, through this email. The contents of an attachment to this e-mail may contain software viruses, which could damage your own computer system. While IGATE has taken every reasonable precaution to minimise this risk, we cannot accept liability for any damage which you sustain as a result of software viruses. You should carry out your own virus checks before opening an attachment. To know more about IGATE please visit www.igate.com.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
------------------------------------------------------------------------------
Infragistics Professional
Build stunning WinForms apps today!
Reboot your WinForms applications with our WinForms controls. 
Build a bridge from your legacy apps to the future.
http://pubads.g.doubleclick.net/gampad/clk?id=153845071&iu=/4140/ostg.clktrk
_______________________________________________
mod-security-users mailing list
mod-security-users <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-users
Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs:
http://www.modsecurity.org/projects/commercial/rules/
http://www.modsecurity.org/projects/commercial/support/
Ryan Barnett | 5 Aug 18:08 2014

Live ModSecurity Demos at Blackhat Arsenal

FYI – if any of you are going to be out at Blackhat USA this week in Las Vegas, please stop by Arsenal tools on Thursday morning as I will be there demoing many cool ModSecurity features :)


Hope to see some of you in Las Vegas!

Ryan Barnett

Senior Lead Security Researcher, SpiderLabs

 

Trustwave | SMART SECURITY ON DEMAND

www.trustwave.com



This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is strictly prohibited. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format.
------------------------------------------------------------------------------
Infragistics Professional
Build stunning WinForms apps today!
Reboot your WinForms applications with our WinForms controls. 
Build a bridge from your legacy apps to the future.
http://pubads.g.doubleclick.net/gampad/clk?id=153845071&iu=/4140/ostg.clktrk
_______________________________________________
mod-security-users mailing list
mod-security-users <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-users
Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs:
http://www.modsecurity.org/projects/commercial/rules/
http://www.modsecurity.org/projects/commercial/support/

Re: mod-security-users Digest, Vol 99, Issue 11

Hi Felipe,
By default SecStreamInBodyInspection parameter was not present in the modsecurity.conf that I had on my server.

I tried adding and setting SecStreamInBodyInspection to On and it worked for me. I have also added the below parameters,

SecStreamOutBodyInspection On
SecStreamInBodyInspection On
SecContentInjection On

Thanks a lot !

Regards,
Sandeep Kale.
________________________________________
From: mod-security-users-request <at> lists.sourceforge.net <mod-security-users-request <at> lists.sourceforge.net>
Sent: Tuesday, August 5, 2014 4:24 AM
To: mod-security-users <at> lists.sourceforge.net
Subject: mod-security-users Digest, Vol 99, Issue 11

Send mod-security-users mailing list submissions to
        mod-security-users <at> lists.sourceforge.net

To subscribe or unsubscribe via the World Wide Web, visit
        https://lists.sourceforge.net/lists/listinfo/mod-security-users
or, via email, send a message with subject or body 'help' to
        mod-security-users-request <at> lists.sourceforge.net

You can reach the person managing the list at
        mod-security-users-owner <at> lists.sourceforge.net

When replying, please edit your Subject line so it is more specific
than "Re: Contents of mod-security-users digest..."

Today's Topics:

   1. Re: IIS modSecurity Problem (Sandeep Kale (GRP00 - GROTH))
   2. domain names with specific prefix (Ehsan Mahdavi)
   3. Re: domain names with specific prefix (Suresh Prajapati)
   4. Re: domain names with specific prefix (Ehsan Mahdavi)

----------------------------------------------------------------------

Message: 1
Date: Tue, 5 Aug 2014 06:03:18 +0000
From: "Sandeep Kale (GRP00 - GROTH)" <Sandeep.SKale <at> igate.com>
Subject: Re: [mod-security-users] IIS modSecurity Problem
To: "mod-security-users <at> lists.sourceforge.net"
        <mod-security-users <at> lists.sourceforge.net>
Cc: "Abhishek Tripathi \(GE\)" <Abhishek.Tripathi <at> igate.com>
Message-ID: <1407218597583.34816 <at> igate.com>
Content-Type: text/plain; charset="iso-8859-1"

Hi Felipe,
My configurations are almost same as the defaults settings. Below are my findings.

Do you have SecRequestBodyAccess (https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#SecRequestBodyAccess)
enabled or disabled?

Sandeep : Yes, This is enabled.

Dynamic compression is enabled in your server?.

Sandeep : I will check on this. Should I enable it if not ?

Do you have another IIS module installed in this very same server?

Sandeep : nope. I have only one website on this server. I have urlscan installed on this IIS.

Can you set SecStreamInBodyInspection to On and check if the problem persists?
(More information here: https://github.com/SpiderLabs/ModSecurity/issues/562)

Sandeep : I will check on this and give a try.

Thanks for your attention into this issue.

Regards,
Sandeep Kale.

?

________________________________
From: Sandeep Kale (GRP00 - GROTH)
Sent: Monday, August 4, 2014 11:05 AM
To: mod-security-users <at> lists.sourceforge.net
Cc: Abhishek Tripathi (GE)
Subject: RE: IIS modSecurity Problem

Hi ,

I have observed that when application uses GET method then it works fine but when we use POST method then we
see that modSecurity is blocking the requests with default settings.

Is there any configuration settings to allow POST resquests as well or am I missing anything else ?

Regards,

Sandeep Kale.

________________________________
From: Sandeep Kale (GRP00 - GROTH)
Sent: Monday, August 4, 2014 5:07 AM
To: mod-security-users <at> lists.sourceforge.net
Cc: Abhishek Tripathi (GE)
Subject: IIS modSecurity Problem

Hi,

I have installed modSecurity 2.8.0 for IIS 7.5 on Windows Server? 2008 R2 server. We have CGI based web
application running on this IIS.

After installtion we see that modSecurity is blocking all the request to web-server. The debug and Audit
logs are enabled and we do not see much information as to why the requests are blocked.

I tried to intercept the request in burp suit and do not see  the actual request sent to server. Hence it looks
like the complete request is blocked.

Is there any configuration parameter to log everything that modSecurity is doing ?

Regards,

Sandeep Kale.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Disclaimer~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Information contained and transmitted by this e-mail is confidential and proprietary to IGATE and its
affiliates and is intended for use only by the recipient. If you are not the intended recipient, you are
hereby notified that any dissemination, distribution, copying or use of this e-mail is strictly
prohibited and you are requested to delete this e-mail immediately and notify the originator or
mailadmin <at> igate.com <mailto:mailadmin <at> igate.com>. IGATE does not enter into any agreement with any
party by e-mail. Any views expressed by an individual do not necessarily reflect the view of IGATE. IGATE
is not responsible for the consequences of any actions taken on the basis of information provided,
through this email. The contents of an attachment to this e-mail may contain software viruses, wh
 ich could damage your own computer system. While IGATE has taken every reasonable precaution to minimise
this risk, we cannot accept liability for any damage which you sustain as a result of software viruses. You
should carry out your own virus checks before opening an attachment. To know more about IGATE please visit
www.igate.com <http://www.igate.com>.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-------------- next part --------------
An HTML attachment was scrubbed...

------------------------------

Message: 2
Date: Tue, 5 Aug 2014 13:16:04 +0430
From: Ehsan Mahdavi <ehsan.mahdavi <at> gmail.com>
Subject: [mod-security-users] domain names with specific prefix
To: mod-security-users <at> lists.sourceforge.net
Message-ID:
        <CAC7V=mz-xUk_L=LqeU-YbURPOasmERgS0CdeohfDuy48atKGjw <at> mail.gmail.com>
Content-Type: text/plain; charset="utf-8"

Greetings,

I am trying to protect a large domain containing many sub-domains all with
a specific post-fix on their names, e.g. site1.domain.com , site2.domain.com,
.... , siten.domain.com .

I am wondering if I can configure a reverse proxy so modsecurity will
protect something like *.domain.com?

P.S. I'm Using mod-security with apache.
P.S. Different domain names have different IP addresses.

--
                    regards
                 Ehsan.Mahdavi
-------------- next part --------------
An HTML attachment was scrubbed...

------------------------------

Message: 3
Date: Tue, 5 Aug 2014 14:36:38 +0530
From: Suresh Prajapati <suresh.prajapati <at> bankbazaar.com>
Subject: Re: [mod-security-users] domain names with specific prefix
To: mod-security-users <at> lists.sourceforge.net
Message-ID:
        <CA+g953MWPErYG56SYOzEti+2gs=YxUSssHSdz2Z6-kZPaAMx1w <at> mail.gmail.com>
Content-Type: text/plain; charset="utf-8"

Ehan,

If using Apache it will protect each virtualhost on the server. If you want
disable any virtual host from monitoring just include SecRuleenging off.

Regards,
Suresh

On Tue, Aug 5, 2014 at 2:16 PM, Ehsan Mahdavi <ehsan.mahdavi <at> gmail.com>
wrote:

> Greetings,
>
> I am trying to protect a large domain containing many sub-domains all with
> a specific post-fix on their names, e.g. site1.domain.com ,
> site2.domain.com, .... , siten.domain.com .
>
> I am wondering if I can configure a reverse proxy so modsecurity will
> protect something like *.domain.com?
>
> P.S. I'm Using mod-security with apache.
> P.S. Different domain names have different IP addresses.
>
> --
>                     regards
>                  Ehsan.Mahdavi
>
>
>
> ------------------------------------------------------------------------------
> Infragistics Professional
> Build stunning WinForms apps today!
> Reboot your WinForms applications with our WinForms controls.
> Build a bridge from your legacy apps to the future.
>
> http://pubads.g.doubleclick.net/gampad/clk?id=153845071&iu=/4140/ostg.clktrk
> _______________________________________________
> mod-security-users mailing list
> mod-security-users <at> lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/mod-security-users
> Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs:
> http://www.modsecurity.org/projects/commercial/rules/
> http://www.modsecurity.org/projects/commercial/support/
>
>

--
Thanks,
Suresh
Information Security Analyst
suresh.prajapati <at> bankbazaar.com
Mobile: +91 8884199479
DISCLAIMER:
Information contained and transmitted by this email including any
attachment is proprietary to BankBazaar.com and is intended solely for the
addressee/s, and may contain information that is privileged, confidential
or exempt from disclosure under applicable law. Access to this e-mail
and/or to the attachment by anyone else is unauthorized. If this is a
forwarded message, the content and the views expressed in this email may
not reflect those of BankBazaar.com. If you are not the intended recipient,
an agent of the intended recipient or a person responsible for delivering
the information to the named recipient, you are notified that any use,
distribution, transmission, printing, copying or dissemination of this
information in any way or in any manner is strictly prohibited.
-------------- next part --------------
An HTML attachment was scrubbed...

------------------------------

Message: 4
Date: Tue, 5 Aug 2014 13:54:37 +0430
From: Ehsan Mahdavi <ehsan.mahdavi <at> gmail.com>
Subject: Re: [mod-security-users] domain names with specific prefix
To: mod-security-users <at> lists.sourceforge.net
Message-ID:
        <CAC7V=mwy=QEe3fhZ+LzLD=i2NYpCDh_+hh_AE+=A+Zwy_qcOSA <at> mail.gmail.com>
Content-Type: text/plain; charset="utf-8"

What do you mean?

Do you mean that I must define a virtual host per domain name?
If yes, this is the common solution, and I was asking for something like a
virtual host(just one virtual host) which can support all domain names.
e.g. *.domain.com

On Tue, Aug 5, 2014 at 1:36 PM, Suresh Prajapati <
suresh.prajapati <at> bankbazaar.com> wrote:

> Ehan,
>
> If using Apache it will protect each virtualhost on the server. If you
> want disable any virtual host from monitoring just include SecRuleenging
> off.
>
> Regards,
> Suresh
>
>
> On Tue, Aug 5, 2014 at 2:16 PM, Ehsan Mahdavi <ehsan.mahdavi <at> gmail.com>
> wrote:
>
>> Greetings,
>>
>> I am trying to protect a large domain containing many sub-domains all
>> with a specific post-fix on their names, e.g. site1.domain.com ,
>> site2.domain.com, .... , siten.domain.com .
>>
>> I am wondering if I can configure a reverse proxy so modsecurity will
>> protect something like *.domain.com?
>>
>> P.S. I'm Using mod-security with apache.
>> P.S. Different domain names have different IP addresses.
>>
>> --
>>                     regards
>>                  Ehsan.Mahdavi
>>
>>
>>
>> ------------------------------------------------------------------------------
>> Infragistics Professional
>> Build stunning WinForms apps today!
>> Reboot your WinForms applications with our WinForms controls.
>> Build a bridge from your legacy apps to the future.
>>
>> http://pubads.g.doubleclick.net/gampad/clk?id=153845071&iu=/4140/ostg.clktrk
>> _______________________________________________
>> mod-security-users mailing list
>> mod-security-users <at> lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/mod-security-users
>> Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs:
>> http://www.modsecurity.org/projects/commercial/rules/
>> http://www.modsecurity.org/projects/commercial/support/
>>
>>
>
>
> --
> Thanks,
> Suresh
> Information Security Analyst
> suresh.prajapati <at> bankbazaar.com
> Mobile: +91 8884199479
> DISCLAIMER:
> Information contained and transmitted by this email including any
> attachment is proprietary to BankBazaar.com and is intended solely for the
> addressee/s, and may contain information that is privileged, confidential
> or exempt from disclosure under applicable law. Access to this e-mail
> and/or to the attachment by anyone else is unauthorized. If this is a
> forwarded message, the content and the views expressed in this email may
> not reflect those of BankBazaar.com. If you are not the intended recipient,
> an agent of the intended recipient or a person responsible for delivering
> the information to the named recipient, you are notified that any use,
> distribution, transmission, printing, copying or dissemination of this
> information in any way or in any manner is strictly prohibited.
>
>
> ------------------------------------------------------------------------------
> Infragistics Professional
> Build stunning WinForms apps today!
> Reboot your WinForms applications with our WinForms controls.
> Build a bridge from your legacy apps to the future.
>
> http://pubads.g.doubleclick.net/gampad/clk?id=153845071&iu=/4140/ostg.clktrk
> _______________________________________________
> mod-security-users mailing list
> mod-security-users <at> lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/mod-security-users
> Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs:
> http://www.modsecurity.org/projects/commercial/rules/
> http://www.modsecurity.org/projects/commercial/support/
>
>

--
                    regards
                 Ehsan.Mahdavi
-------------- next part --------------
An HTML attachment was scrubbed...

------------------------------

------------------------------------------------------------------------------
Infragistics Professional
Build stunning WinForms apps today!
Reboot your WinForms applications with our WinForms controls.
Build a bridge from your legacy apps to the future.
http://pubads.g.doubleclick.net/gampad/clk?id=153845071&iu=/4140/ostg.clktrk

------------------------------

_______________________________________________
mod-security-users mailing list
mod-security-users <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-users

End of mod-security-users Digest, Vol 99, Issue 11
**************************************************

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Disclaimer~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Information contained and transmitted by this e-mail is confidential and proprietary to IGATE and its
affiliates and is intended for use only by the recipient. If you are not the intended recipient, you are
hereby notified that any dissemination, distribution, copying or use of this e-mail is strictly
prohibited and you are requested to delete this e-mail immediately and notify the originator or
mailadmin <at> igate.com <mailto:mailadmin <at> igate.com>. IGATE does not enter into any agreement with any
party by e-mail. Any views expressed by an individual do not necessarily reflect the view of IGATE. IGATE
is not responsible for the consequences of any actions taken on the basis of information provided,
through this email. The contents of an attachment to this e-mail may contain software viruses, wh
 ich could damage your own computer system. While IGATE has taken every reasonable precaution to minimise
this risk, we cannot accept liability for any damage which you sustain as a result of software viruses. You
should carry out your own virus checks before opening an attachment. To know more about IGATE please visit
www.igate.com <http://www.igate.com>.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

------------------------------------------------------------------------------
Infragistics Professional
Build stunning WinForms apps today!
Reboot your WinForms applications with our WinForms controls. 
Build a bridge from your legacy apps to the future.
http://pubads.g.doubleclick.net/gampad/clk?id=153845071&iu=/4140/ostg.clktrk
_______________________________________________
mod-security-users mailing list
mod-security-users <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-users
Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs:
http://www.modsecurity.org/projects/commercial/rules/
http://www.modsecurity.org/projects/commercial/support/


Gmane