I'm lab with modSecurity using nginx, I have a question
How can you set default action for actione doesn't match anyrule
For example I have set of rule allow people do stuff form 1 set of IP, I want to block all other request?
How caN I do that ?
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
SecGeoLookupDb /usr/local/geo/data/GeoLiteCity.dat
SecRule REMOTE_ADDR "#geoLookup" "phase:1,chain,id:10,allow,log,msg:'Blocking Country IP Address'"
SecRule GEO:COUNTRY_CODE "#pm CN"
SecDefaultAction "phase:1,log,auditlog,drop,status:403,tag:'SLA 24/7'"
If you want to deny all requests which didn't matched with any rules before, you have to create an explicit unconditional rule (SecAction) at the end of set of your rules, something like this:
SecAction "id:10001,phase:1,deny,status:403,log"
Please note, that with this solution (rule in phase:1) you can't use any other phase. Of course, you should put this rule into phase:2, but without any rule in that phase, it's enough.
More notes for your example:
your action is allow but the message is Blocking Country IP Address, this is a bit confusing
if you want to control only the access/not access by country, there is a standalone Nginx module, you don't need any WAF
Related
I am having trouble getting the right variable based on a Role.
Perhaps I have the answer but I am not sure and could not find it in the documentation and here in the other questions.
TL;DR:
Multiple Roles on a variable use an OR, not an AND?
Intro
In Infrastructure I have multiple roles assigned to a machine:
WebServer
ApplicationServer
ApplA
ApplB
A variable has two values, each value has the role WebServer and ApplA or ApplB.
In Process the same combination of the Roles WebServer and ApplA is used (or WebServer and ApplB).
Problem
The value of the variable of ApplB is used in the step with ApplA.
It seems that this is because it uses an OR between the Roles and not a AND.
Correct?
That's right. If multiple roles are applied in the scope, it means that the variable will have that value for both of those roles individually, not together. You can combine scopes of different types (like DEV and ApplA) but not of the same time.
This section from the docs has a little more information on scope precedence and what happens if there are conflicting values.
In your deployment process, the "Deploy site" steps will run for all targets that have WebServer or ApplA. That might not be what you want.
In this case, you can consider dropping the webserver role for the purposes of scoping the variables and the deployment steps or combine it with your other tags to make them a little more specific. Instead of WebServer, ApplA, and ApplB, you can replace those with ApplA-Web and ApplB-Web for use in your steps and variables.
I hope that helps!
I use mod_security with Apache 2.4. On this platform we have an ecommerce system using the following URL for its administrative tools:
http://www.tld.com/en/backend
I want to achive to goals:
Access to /en/backend only possible from local network (works already, done with rewriteRules
mod_security should be disabled in the backend
And no, "backend" is no physical existing directory, it´s an MVC mapping :)
So I´m looking for some kind of combination between mod_rewrite and mod_security.
Anybody any idea? :)
Thanks in advance,
Michael
It's quite simple: put the exclude rules right after SecRuleEngine directive
SecRuleEngine DetectionOnly
SecRule REQUEST_BASENAME "#beginsWith /url_to_exclude" "id:1,ctl:ruleEngine=Off"
of course, you can use different operators instead of #beginsWith - just like they are described in the official manual
"Modsecurity did not allow me to add these 2 rules with same ID"
Because each rule must have its own unique number.
Rule one is "SecRule REQUEST_BASENAME" #beginsWith / url_to_A "" id: 1, ctl: ruleEngine = Off "
The second rule is "SecRule REQUEST_BASENAME" #beginsWith / url_to_B "" id: 2, ctl: ruleEngine = Off ""
I've got a project I'm working on and some of the files violate some of the rules, but in ways that are not real issues, and are thus distracting noise. However, I don't want to disable these rules globally, and I would prefer not to have to mark 'em as false positives one by one.
Is there a way to disable Sonar rules for specific files, and if so, how?
Since SonarQube 4.0, you can define issue exclusion patterns based on rule key and file path pattern.
On previous versions, you can rely upon the Switch Off Violations plugin.
You can annotate a class or a method with SuppressWarnings.
Here is an example:
#java.lang.SuppressWarnings("squid:S00111")
squid:S00111 in this case is a Sonar issue ID. You can find this issue id from the Sonar web ui.
Building on Mithfindel's answer and dpk's comment, this removes the warning
System.out and System.err should not be used as loggers
from all classes in packages named log (or any subpackage thereof) by adding an ignore pattern for the rule squid:S106:
For a list of the keys to all your rules go to your profile under Quality Profiles and select Download to get a .csv file containing all the rules' keys.
I'm using SonarQube version 4.1.1.
You can set specific files and rules under sonar-project.properties with following contents:
# Ignore Issues
sonar.issue.ignore.multicriteria=e1,e2
# Skip Bold Check
sonar.issue.ignore.multicriteria.e1.ruleKey=Web:BoldCheck
sonar.issue.ignore.multicriteria.e1.resourceKey=**/*.html
# Skip Tag Check
sonar.issue.ignore.multicriteria.e2.ruleKey=Web:S1234
sonar.issue.ignore.multicriteria.e2.resourceKey=**/*.html
Change the ruleKey and resourceKey based on your specific need.
Using below annotation we can ignore the rule from the specific files
For one rule
#java.lang.SuppressWarnings("squid:S2696")
#Slf4j
#Service
public class PaymentServiceImpl implements PaymentService {....
For more than one rule
#java.lang.SuppressWarnings({"squid:S2696", "squid:S1172", "squid:CommentedOutCodeLine"})
#Slf4j
#Service
public class PaymentServiceImpl implements PaymentService {...
Yes, it is possible.
1.Goto Administration tab->Analysis Scope->Issues
2.There , you will find "Ignore Issues on Multiple Criteria".
3.Provide Rule ID in "Rule Key pattern" textbox [Rule ID can be found by clicking on the particular rule and find it in top right corner]
4.Provide Filepath for which you need to ignore rule in "File Path Pattern" textbox
5.Click on Save Issues settings
Image to know where Rule ID will be present in the page
Image where Rule key pattern and File Key pattern text boxes are present
I want to create location pages in my codeigniter site. So I have one contrller named locations and index method. So all the requests http://mysite.com/location_name should be landed to http://mysite.com/index.php/locations/index. And all other should work as it is like http://mysite.com/login should be landed to http://mysite.com/index.php/home/login. Contact us http://mysite.com/contact-us should be landed to http://mysite.com/index.php/home/contact.
I tried to achieve this by writing following line route rule (route.php):
$route['(:any)'] = 'locations'; //location name can be anything around the world
So locations are working fine, but http://mysite.com/login and http://mysite.com/contact-us are not working, they redirecting continuously in infinite loop.
Please suggest the solution. Thank.
The routes are applied from top to bottom, so you need to have your more specific rules listed first, then your more generic rules last:
$route['login'] = 'home/login';
$route['contact-us'] = 'home/contact';
$route['(:any)'] = 'location/index';
I see that you mentioned you've tried changing the order of rules in your route file. So If you have done this and it's not working - you have something else going on.
I would check these things:
.htaccess file (if you're using it)
controllers that are causing the infinite loop (any redirections in there, _remap method, etc. )
I know this doesn't exactly match the form of www.example.com/class/function/ID/, but what I want to display to the user would make more sense.
This is what I would like to do:
www.example.com/project/id/item/item_id/
So, an example would be:
www.example.com/project/5/item/198237/
And this would be the behavior:
www.example.com/project/ --> This would show a list of projects (current implementation)
www.example.com/project/5/ --> This would show a list of items on project 5 (current implementation)
www.example.com/project/5/item/ --> This wouldn't really mean anything different than the line above. (Is that bad?)
www.example.com/project/5/item/198237/ --> This would show details for item 198237.
So, each item is directly associated with one and only one project.
The only way I can think how to do this is to bloat the "project" controller and parse the various parameters and control ALL views from that "project" controller. I'd prefer not to do this, because the model and view for an "item" are truly separate from the model and view of a "project."
The only other solution (that I am currently implementing and don't prefer) is to have the following:
www.example.com/project/5/
www.example.com/item/198237/
Is there any way to build a hierarchical URL as I showed at the beginning without bloating the "project" controller?
There are 3 options, sorted by how practical they can be:
Use URI Routing. Define a regular expression that will use a specific controller/method combination for each URL.
Something like that could help you, in routes.php:
$route['project/'] = 'project/viewall';
$route['project/(.+)'] = 'project/view/$1';
$route['project/(.+)/item/'] = 'project/view/$1';
$route['project/(.+)/item/(.+)'] = 'item/view/$2';
That is, considering your controllers are item and project respectively. Also note that $n in the value corresponds to the part matched in the n-th parenthesis.
Use the same controller with (or without) redirection. I guess you already considered this.
Use redirection at a lower level, such as ModRewrite on Apache servers. You could come up with a rule similar to the one in routes.php. If you are already using such a method, it wouldn't be a bad idea to use that, but only if you are already using such a thing, and preferably, in the case of Apache, in the server configuration rather than an .htaccess file.
You can control all of these options using routes.php (found in the config folder). You can alternatively catch any of your URI segments using the URI class, as in $this->uri->segment(2). That is if you have the URL helper loaded. That you can load by default in the autoload.php file (also in the config folder).