The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Mod Security Rule Question

Discussion in 'Security' started by Nhojohl, Dec 21, 2007.

  1. Nhojohl

    Nhojohl Well-Known Member

    Joined:
    Nov 28, 2006
    Messages:
    101
    Likes Received:
    0
    Trophy Points:
    16
    I'm currently using a custom set of mod security rules that works beautifully, however, one of the rules I added:
    Code:
    SecRule REQUEST_URI|ARGS "\.txt"
    Blocks any attempt to visit any url on the server with .txt in the request uri, it works how I want it to to prevent any remote injection like ht tp://trimedia-online.net/ihmank/id.txt (no thats not my site, it was an attempt that was blocked). However, it blocks bots from reading robots.txt.

    Is there any way I can have it block any url with .txt in the REQUEST_URI with the exception of robots.txt? I'm sure there is, I'm just not any good with regex :/

    Thanks
    - John
     
    #1 Nhojohl, Dec 21, 2007
    Last edited by a moderator: Dec 21, 2007
  2. javitox

    javitox Member

    Joined:
    Dec 17, 2005
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    1
    mmm

    hello


    Why you block .txt only files ??? RFI attacks could be in any type lie .jpg , .pl etc etc.

    In my server I have this rule:


    SecFilterSelective THE_REQUEST "=http://"


    it block any remote file inclusion =) , because all url lika blah.com/id.php?root_path=http://


    will be blocked.

    good luck , bye
     
  3. Nhojohl

    Nhojohl Well-Known Member

    Joined:
    Nov 28, 2006
    Messages:
    101
    Likes Received:
    0
    Trophy Points:
    16
    It's so damn obvious I can't believe I didn't think of it.... Thanks :D

    EDIT: Used the following rules for anyone else who may want to do this with mod_security2

    Code:
    SecRule REQUEST_URI|ARGS "=http://"
    SecRule REQUEST_URI|ARGS "=https://"
    SecRule REQUEST_URI|ARGS "=ftp://"
     
    #3 Nhojohl, Dec 21, 2007
    Last edited: Dec 21, 2007
Loading...

Share This Page