[solved]request filter rule - only allow specific IP to login for usernames

Discussion in 'Install/Configuration' started by c0ldshadow, Aug 14, 2011.

  1. c0ldshadow

    c0ldshadow New Member

    Hi Team,

    I am trying to make it so only a specific IP address 5.5.5.5 can login
    with specific usernames (admin or test) in the POST data of a login script on a vbulletin forum:

    From .htaccess file:

    SecRule REQUEST_URI "^\/login\.php\?do=login" chain
    SecRule ARG_vb_login_username ((test)|(admin)) chain
    SecRule REMOTE_ADDR !^5\.5\.5\.5$


    I have tried the above rule and many other variations but can't seem to
    figure out how to accomplish this.



    additionally i try this in the Admin panel and removed everything from htaccess. action is

    log,deny,status:403,msg:'test'

    SecFilterSelective THE_REQUEST "/login\.php" chain
    SecFilterSelective ARG_vb_login_username "test" chain
    SecFilterSelective REMOTE_ADDR "!^5\.5\.5\.5$"

    doesn't work either. i can login with the username test from both the IP in the rule and other IP

    i did try gracefully restarting, it didnt fix the nonworking

    Please advise.

    Best Regards,

    -Avery
    Last edited by a moderator: Aug 19, 2011
  2. webizen

    webizen New Member

    for .htaccess to work, make sure "Disable .htaccess Override" => No/Not Set (Admin CP -> Configuration -> Server -> Request Filter).
  3. c0ldshadow

    c0ldshadow New Member

    hey, i already have that option set but the filter doesn't work

    any idea what to try next? is this a bug?

    something just isn't right...


    SecFilterSelective REQUEST_URI "/login\.php" ### this alone DOES cause a block when i try accessing the script

    if i try adding one more line so its

    SecFilterSelective REQUEST_URI "/login\.php" chain
    SecFilterSelective ARG_vb_login_username "myname"

    it doesn't cause a block when i try login with 'myname'.. why is it failing at this point?
    Last edited: Aug 16, 2011
  4. webizen

    webizen New Member

    enable DEBUG logging (Admin CP -> Configuration -> Server -> Logging: Log Level=DEBUG, Debug Level=!NONE) and tail error log (e.g. /usr/local/lsws/logs/error.log) to see what's going on.
  5. c0ldshadow

    c0ldshadow New Member

    hey , still no luck=( the log is not reporting anything about blocks when i try logging in with that username. i see other stuff in the log appearing but nothing related to mod security

    i checked the POST data for vbulletin logins and I'm not seeing why this filter isn't catching it
  6. c0ldshadow

    c0ldshadow New Member

    hi team any update on this one? if you want me to share link to my site or any other details that might help solve problem plz let me know
  7. webizen

    webizen New Member

    Please pm the link so we can verify/reproduce.
  8. c0ldshadow

    c0ldshadow New Member

    thx PM sent
  9. NiteWave

    NiteWave Administrator

    please force-reinstall 4.1.3, it tried to fix this issue. please update if fix or not.
  10. webizen

    webizen New Member

    If lsws runs with Apache httpd.conf, rules in request filter (Admin CP -> Configuration -> Server -> Request Filter -> Request Filtering Rule Set) have NO effect. They need to be placed in httpd.conf or .htaccess (with "Disable .htaccess Override" => No/Not Set).
  11. c0ldshadow

    c0ldshadow New Member

    hi, yes i am using the .htaccess method. the .htaccess does work when i just block people from accessing a script (as evidence by error log messages and the page not showing)... but the chaining for the POST data doesn't work.

    i will try the force-reinstall, but before i do that, is it safe to do that while my site is live / running a vbulletin forum? plz verify it is safe to do that
  12. webizen

    webizen New Member

    yes, it is safe to do force-reinstall. the latest 4.1.3 build should be working fine with the chaining for POST data.
    Last edited: Aug 19, 2011
  13. c0ldshadow

    c0ldshadow New Member

    after force-reinstall it works!!! so happy

    ps. i see u guys located in NJ. i'm from pennington NJ originally. small world

Share This Page