Work at SourceForge, help us to make it a better place! We have an immediate need for a Support Technician in our San Francisco or Denver office.
Hi, I am setting up a whitelist of URI's with a modsecurity rule, which is based on a sample
rule found in ModSecurity 2.5 by Magnus Mischel.. but it doesn't work as expected.
Please let me know if what I am doing here is incorrect.
For any URI that doesn't begin with /abc/login/ and /abc/home/, I am trying to block access.
SecRule REQUEST_URI "@beginsWith /abc/login/" "pass,skipAfter:101"
SecRule REQUEST_URI "@beginsWith /abc/home/" "pass,skipAfter:102"
SecAction "deny,msg:'Not on whitelist'"