
using iptables marks or ipsets #3289

f1-outsourcing opened this issue Oct 29, 2024 · 1 comment
Labels
2.x Related to ModSecurity version 2.x

Comments

@f1-outsourcing

I have multiple ipsets; the /24 one has around 50k entries. I was thinking of not dropping or rejecting this traffic, but redirecting it to a page, sort of what Cloudflare is doing.
I thought maybe a good-performing option would be if, e.g., iptables could mark traffic and mod_security could use that in its rules. Or, maybe even better, have mod_security access ipsets directly?

I have the impression this does not exist yet, is there maybe an alternative I don't know about?

@f1-outsourcing f1-outsourcing added the 2.x Related to ModSecurity version 2.x label Oct 29, 2024
@airween (Member) commented Oct 31, 2024

Hi @f1-outsourcing,

I'm afraid mod_security2 (more precisely, Apache) can't access the marked parts of an IP packet, or if it does, you can't access them through any variable. Therefore you can't control them (redirect, etc.).

But if you have the exact list and use Apache (you added the [2.x] label), then you should do that on the Apache side. You don't need to delegate this task to ModSecurity, IMHO.
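One way to act on the ipset list on the Apache side, as suggested above, is to convert it into mod_rewrite `RewriteMap` files and redirect matching clients to a page instead of dropping them at the firewall. The script below is an added example, not code from this issue or from the ModSecurity project; the set name `blocked`, the sample `ipset save` output, the map file paths and the `/blocked.html` target are all assumptions. It goes slightly beyond the /24 sets mentioned in the question: wider entries are expanded into /24 blocks, and entries narrower than /24 go into a separate exact-address map so that neighbours in the same /24 are not redirected by accident.

```python
"""Turn ipset entries into Apache RewriteMap files (added example, not from the issue)."""
import ipaddress
from typing import Dict, Iterable, Iterator, Tuple

# Constructed sample of `ipset save` output; the set name and addresses are
# made up for this example (RFC 5737 documentation ranges).
SAMPLE_IPSET_SAVE = """\
create blocked hash:net family inet hashsize 1024 maxelem 65536
add blocked 203.0.113.0/24
add blocked 198.51.100.0/23
add blocked 192.0.2.7
add blocked 192.0.2.8/32
"""

# Hypothetical Apache vhost fragment that consumes the two generated maps.
APACHE_SNIPPET = r"""
RewriteEngine On
RewriteMap blocked_exact  "txt:/etc/apache2/blocked_exact.map"
RewriteMap blocked_prefix "txt:/etc/apache2/blocked_prefix.map"

# 1) exact host entries: key is the full client address
RewriteCond ${blocked_exact:%{REMOTE_ADDR}|NONE} !=NONE
RewriteRule !^/blocked\.html$ /blocked.html [R=302,L]

# 2) /24 entries: key is the first three octets of the client address
RewriteCond %{REMOTE_ADDR} ^(\d+\.\d+\.\d+)\.\d+$
RewriteCond ${blocked_prefix:%1|NONE} !=NONE
RewriteRule !^/blocked\.html$ /blocked.html [R=302,L]
"""


def parse_ipset_save(text: str, set_name: str) -> Iterator[ipaddress.IPv4Network]:
    """Yield the IPv4 networks listed as `add <set_name> <addr>[/len]`.

    Single hosts appear without a prefix length; ip_network() treats them as /32.
    Lines for other sets and IPv6 entries are skipped to keep the example short.
    """
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] != "add" or parts[1] != set_name:
            continue
        net = ipaddress.ip_network(parts[2], strict=False)
        if net.version == 4:
            yield net


def build_maps(networks: Iterable[ipaddress.IPv4Network]) -> Tuple[Dict[str, str], Dict[str, str]]:
    """Split entries into an exact-address map and a /24-prefix map.

    A RewriteMap lookup is an exact-key lookup, not a CIDR match, so:
      * anything /24 or wider is expanded into its /24 blocks, keyed by the
        first three octets ("203.0.113");
      * anything narrower than /24 is expanded into individual addresses,
        keyed by the full address.
    """
    exact: Dict[str, str] = {}
    by_prefix: Dict[str, str] = {}
    for net in networks:
        if net.prefixlen <= 24:
            for block in net.subnets(new_prefix=24):
                by_prefix[".".join(str(block.network_address).split(".")[:3])] = "blocked"
        else:
            for host in net:
                exact[str(host)] = "blocked"
    return exact, by_prefix


def render_rewritemap(entries: Dict[str, str]) -> str:
    """Serialise a map as `key value` lines, the format a txt: RewriteMap reads."""
    return "".join(f"{key} {value}\n" for key, value in sorted(entries.items()))


def is_blocked(client_ip: str, exact: Dict[str, str], by_prefix: Dict[str, str]) -> bool:
    """Mirror the two RewriteCond lookups in APACHE_SNIPPET, for checking offline."""
    if client_ip in exact:
        return True
    prefix = ".".join(client_ip.split(".")[:3])
    return prefix in by_prefix


EXACT, PREFIX = build_maps(parse_ipset_save(SAMPLE_IPSET_SAVE, "blocked"))

if __name__ == "__main__":
    # In real use, feed the output of `ipset save blocked` to parse_ipset_save()
    # and write the two files named in APACHE_SNIPPET.
    print("# blocked_exact.map\n" + render_rewritemap(EXACT))
    print("# blocked_prefix.map\n" + render_rewritemap(PREFIX))
    print(APACHE_SNIPPET)
```

Two practical points: a `txt:` map is cached by mod_rewrite and re-read when the file's mtime changes, and for a 50k-entry list it is worth converting the generated files with `httxt2dbm` and using a `dbm:` map instead. Also, `REMOTE_ADDR` is the TCP peer address; if requests arrive through a reverse proxy or CDN, configure mod_remoteip first so the lookup is done against the real client address rather than the proxy's.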
