oka Posted November 21, 2011 Share Posted November 21, 2011 Hi all. I had setup modsecurity with prestashop with mod_rewrite for friendly url. Now what i need is to set a <FilesMatch> directive in apache for catch a variable in authentication.php so i write this directive : <FilesMatch "authentication\.php"> SecRule ARGS:email [email protected] </FilesMatch> But it is not matching anything Then i set up this: <FilesMatch "AuthController\.php"> SecRule ARGS:email [email protected] </FilesMatch> and does not work, so i think my mod_rewrite brokes the hability to FilesMatch a script. The question is how to match a script in apache with mod_rewrite (i think)? Regards. Link to comment Share on other sites More sharing options...
gkontos Posted November 21, 2011 Share Posted November 21, 2011 Hi oka, mod_rewrite and mod_security are 2 different modules. mod_rewrite main purpose is to rewrite URLS to a more user friendly style. The fact that it uses regular expressions to match a rewrite can be used as a first level of defense. But its main purpose is to rewrite mod_security on the other hand has been evolved to a very powerful web application firewall. So, in your case you would need to read and experiment with it. A word of warning, never experiment with mod_security in a production environment. Link to comment Share on other sites More sharing options...
oka Posted November 21, 2011 Author Share Posted November 21, 2011 Hi gkontos. I know what is modsec and rewrite The problem is if i setup prestashop wihtout rewrite i can do this : <FilesMatch "authentication\.php"> SecRule ARGS:email [email protected] </FilesMatch> And with prestashop with mod_rewrite enabled i can't do it. Regards. Link to comment Share on other sites More sharing options...
gkontos Posted November 21, 2011 Share Posted November 21, 2011 Hi gkontos. I know what is modsec and rewrite The problem is if i setup prestashop wihtout rewrite i can do this : <FilesMatch "authentication\.php"> SecRule ARGS:email [email protected] </FilesMatch> And with prestashop with mod_rewrite enabled i can't do it. Regards. Ok then I apologize for the lesson Depending on the languages you use, how about something like that: FilesMatch ^en/authentication$ Cheers, George Link to comment Share on other sites More sharing options...
oka Posted November 22, 2011 Author Share Posted November 22, 2011 Hi gkontos. I'm using only spanish and the url is like : http://www.example.com/autenticacion So i setup this: <FilesMatch "^autenticacion$"> SecRule ARGS:email [email protected] </FilesMatch> </IfModule> But it is not working like expected. Regards Link to comment Share on other sites More sharing options...
laurencarter Posted December 3, 2011 Share Posted December 3, 2011 To solve the problem of my Apache server log for some domains exceeding the 2GB filesize limit, I've recently added some extra directives to httpd.conf to log images to a separate log. Hcg Ultra Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now