gyoho.ga.gm | 4 Sep 02:35

Could the index log file be divided by day?

Hi,

Does anyone know if ModSecurity log file "index" can be daily divided?

Thanks
-------------------------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
mod-security-users mailing list
mod-security-users <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-users
Brian Rectanus | 4 Sep 06:05

Re: Could the index log file be divided by day?

On 9/3/06, gyoho.ga.gm <at> hitachi.com <gyoho.ga.gm <at> hitachi.com> wrote:
> Does anyone know if ModSecurity log file "index" can be daily divided?

Take a look at cronolog: www.cronolog.org

-B

Alex Korneyev | 5 Sep 06:15

Re: Could the index log file be divided by day?

Hello,

      can someone help me with the following configuration?

      I want to set up a filter that blocks a URL if a word bank (case
      should not matter) shows up anywhere in the URL.

       i.e. www.domain.com/bank?param=1111 or www.bankdomain.com/ or
       www.domain.com/asdlfasdl;fkj/bank/dafads

       we tried

       SecFilter "bank*" and that just started blocking ALL of the
       URLs.

       any ideas would be really appreciated.

--

-- 
Best regards,
 Alex Korneyev                           mailto:alex.k <at> hostforweb.com

gyoho.ga.gm | 5 Sep 06:32

Re: Could the index log file be divided by day?

try this
SecFilterSelective REQUEST_URI "bank"

otherwise, you should use Regular Expression.

see if it works.

>Hello,
>
>      can someone help me with the following configuration?
>
>      i want to setup a filter that blocks a URL if a word bank ( case
>      should not matter) shows up anywhere in the URL.
>
>       i.e. www.domain.com/bank?param=1111 or www.bankdomain.com/ or
>       www.domain.com/asdlfasdl;fkj/bank/dafads
>
>       we tried
>
>       SecFilter "bank*" and that just starting blocking ALL of the
>       URLs.
>
>       any ideas would be really appreciated.
>
>-- 
>Best regards,
> Alex Korneyev                           mailto:alex.k <at> hostforweb.com
>
>
>

Alex Korneyev | 5 Sep 06:57

Re: Could the index log file be divided by day?

Hello gyoho gm,

      "otherwise, you should use Regular Expression."

      Can you give me a link to documentation or give me an example of
      the "Regular Expression" method?

      
-- 
Best regards,
 Alex Korneyev                           mailto:alex.k <at> hostforweb.com
===========================================
From: gyoho.ga.gm <at> hitachi.com
Sent: 11:32:52 PM
To: 
Subject: [mod-security-users] Could the index log file be divided by day?

try this
SecFilterSelective REQUEST_URI "bank"

otherwise, you should use Regular Expression.

see if it works.

>Hello,
>
>      can someone help me with the following configuration?
>
>      i want to setup a filter that blocks a URL if a word bank ( case
>      should not matter) shows up anywhere in the URL.

Terry Dooher | 5 Sep 11:37

Re: Could the index log file be divided by day?

Alex Korneyev wrote:
> Hello gyoho gm,
> 
> 
>       "otherwise, you should use Regular Expression."
> 
>       can you give me a link to documentation or give me an example of
>       the    " Regular Expression" method?
> 

SecFilterSelective REQUEST_URI "bank"

This _is_ the regular expression method. The simplest and cleanest way of
matching the occurrence of the 4 letters "bank" in that sequence in a given
string is to use the regexp: "bank". The rest of the above line merely
restricts the match to the request URI and not the rest of the header.

http://www.regular-expressions.info/ or google for tons of other resources.

Terry.
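
An added example (not from any poster in this thread) that models the two patterns discussed above in Python: `bank*` read as a regular expression, and plain `bank`. The sample requests are constructed, case-insensitive matching is chosen here because the question asks for it, and `include_host` is a hypothetical switch standing in for also matching the Host header, since for an ordinary (non-proxy) request the request URI does not contain the hostname.

```python
import re

# Patterns from the thread, compiled case-insensitively in this sketch
# because the question says case should not matter.
GLOB_STYLE = re.compile(r"bank*", re.IGNORECASE)  # as a regex: "ban" + zero or more "k"
LITERAL = re.compile(r"bank", re.IGNORECASE)      # the four letters in sequence

# Constructed sample requests: (Host header, request URI).
SAMPLES = [
    ("www.domain.com", "/bank?param=1111"),
    ("www.bankdomain.com", "/"),
    ("www.domain.com", "/asdlfasdl;fkj/BANK/dafads"),
    ("www.domain.com", "/urban/banner.gif"),
    ("www.domain.com", "/index.html"),
]


def matches(pattern, host, uri, include_host=False):
    """Return True if the pattern occurs in the URI (and optionally the Host)."""
    targets = [uri]
    if include_host:
        targets.append(host)
    return any(pattern.search(t) for t in targets)


def evaluate(pattern, include_host=False):
    """Apply one pattern to every constructed sample request."""
    return [matches(pattern, h, u, include_host) for h, u in SAMPLES]


if __name__ == "__main__":
    runs = [
        ("bank* on URI", GLOB_STYLE, False),
        ("bank  on URI", LITERAL, False),
        ("bank  on URI + Host", LITERAL, True),
    ]
    for label, pattern, with_host in runs:
        print(label)
        for (host, uri), hit in zip(SAMPLES, evaluate(pattern, with_host)):
            print(f"  {'BLOCK' if hit else 'pass '}  {host}{uri}")
```

`bank*` also hits `/urban/banner.gif` because the `*` makes the `k` optional, and the `www.bankdomain.com/` case is only caught once the Host header is inspected as well.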

Steve West | 6 Sep 18:19

Disable POST scanning on a directory

Mod_Security: 1.9.4
Apache: 1.3.37

Hi folks,

I have mod_security compiled with the .htaccess disabled for added security but
now find myself needing to disable post scanning on one directory and
unfortunately can't add this via the .htaccess capability. Does anyone have any
suggestions?

I have a rule exclude file which contains a number of paths/commands that
mod_security should exclude, but I don't know how to tell mod_security to
exclude post scanning on one directory.

Any help is greatly appreciated!

Thanks,

SW 


gyoho.ga.gm | 8 Sep 01:57

Re: Disable POST scanning on a directory


<Location /paths/commands>
SecFilterSelective HTTP_Content-Type "^$|^application/x-www-form-urlencoded$|^multipart/form-data,|^multipart/form-data;" nolog,pass
</Location>

see if it works.

>Mod_Security: 1.9.4
>Apache: 1.3.37
>
>Hi folks,
>
>I have mod_security compiled with the .htaccess disabled for added security but
>now find myself needing to disable post scanning on one directory and
>unfortunately can't add this via the .htaccess capability. Does anyone have any
>suggestions?
>
>I have a rule exclude file which contains a number of paths/commands that
>mod_security should exclude, but I don't know how to tell mod_security to
>exclude post scanning on one directory.
>
>Any help is greatly appreciated!
>
>Thanks,
>
>SW 
>
>
>

Steve West | 8 Sep 18:31

Re: Disable POST scanning on a directory

Hi,

Thank you for your help! Your mod_sec rule seemed to work but I ran into
another problem. I got around my 2nd problem by using the following rule
instead:

<Location /cgi-bin/uber_uploader.pl>
SetEnvIfNoCase Content-Type "^multipart/form-data;" "MODSEC_NOPOSTBUFFERING=Do not buffer file uploads"
</Location>

My questions are:

1. Is the rule above 'proper' mod_sec format/syntax?

2. Am I shooting myself in the foot w/ the above rule regarding possible
security breaches?

I'm not a mod_sec rule expert so any help is greatly appreciated.

Thanks,

SW

--- gyoho.ga.gm <at> hitachi.com wrote:

> 
> <Location /paths/commands>
> SecFilterSelective HTTP_Content-Type
>

Johnny GoLightly | 11 Sep 10:50

mod security and error message displaying

Hi,
 
My question relates to the directive:
 
 SecFilterDefaultAction "deny,log,status:500"
 
The directive says reject a request with status 500 (if a mod sec rule is triggered).
 
Question:  Does mod sec tell apache to display the error page per the httpd.conf file for which the associated directive is:
 
ErrorDocument 500 /error/custom500.html
 
We have been testing and it doesn't display our custom error message so wanted to check what the proper behavior is supposed to be.
 
If it doesn't get its error page directive from httpd.conf can you specify in mod sec config where a custom page should be delivered?
 
Thanks
 

