ModSecurity v2 Apache rules for directory servers
Peter Palfrader
peter at palfrader.org
Tue Aug 14 08:24:55 UTC 2007
On Tue, 14 Aug 2007, Kyle Williams wrote:
>> SecRule REQUEST_URI "!^/tor/server/authority$" "chain,msg:'Badly formed uri'"
>> SecRule REQUEST_URI "!^/tor/status/all$" "chain"
>> SecRule REQUEST_URI "!^/tor/running-routers$" "chain"
>> SecRule REQUEST_URI "!^/tor/dir\.z$" "chain"
>> SecRule REQUEST_URI "!^/tor/server/(?>d|fp)/(?>[A-F0-9]{40})(?>\+[A-F0-9]{40})*\.z$" "chain"
>> SecRule REQUEST_URI "!^/tor/status/fp/[A-F0-9]{40}(?>\+[A-F0-9]{40})*\.z$"
> Nice! Thank you for that helpful information.
> I will definitely take note of that with the next version of JanusVM.
> Strict rules such as these are a very good idea, because it never hurts to
> check your input before processing it.
Actually they are horrible. They already are out of date and would
reject proper directory requests. Please don't do stuff like this.
--
| .''`. ** Debian GNU/Linux **
Peter Palfrader | : :' : The universal
http://www.palfrader.org/ | `. `' Operating System
| `- http://www.debian.org/
More information about the tor-talk
mailing list