Blogs & Stories

SpiderLabs Blog

Attracting more than a half-million annual readers, this is the security community's go-to destination for technical breakdowns of the latest threats, critical vulnerability disclosures and cutting-edge research.

Enhanced rules now available

The last change before the 1.7 release is now in the CVS. I have refactored the code dealing with rule processing, and added three new actions: allow, skipnext, and chain. Allow enables you to stop rules processing on a single rule match, and let the request through. With skipnext you can skip one or more rules. Finally, the chain action is used to chain several filters together, essentially a logical AND. The final rule in the chain will be processed only if all rules before it match. These rules make mod_security much more fun to play with.

So, let's say that you want to restrict administration access to an application but you can't do it with standard Apache directives because the admin shares the same login panel as other users. No problem:

SecFilterSelective ARG_username admin chain