whitelist rule for URIs, skipAfter, SecMarker

Rules
horrorshow
2011-07-07
2013-06-12
  • horrorshow
    2011-07-07

    Hi, I am setting up a whitelist of URIs with a ModSecurity rule, which is based on a sample
    rule found in ModSecurity 2.5 by Magnus Mischel, but it doesn't work as expected.
    Please let me know if what I am doing here is incorrect.
    For any URI that doesn't begin with /abc/login/ and /abc/home/, I am trying to block access.

    SecRule REQUEST_URI "@beginsWith /abc/login/" "pass,skipAfter:101"
    SecRule REQUEST_URI "@beginsWith /abc/home/" "pass,skipAfter:102"
    SecAction "deny,msg:'Not on whitelist'"

    SecMarker 101
    SecAction "pass,skipAfter:9999"

    SecMarker 102
    SecAction "pass,skipAfter:9999"

    SecMarker 9999
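
For comparison with the rules posted above, here is an added example (not the poster's rules and not taken from the book) that expresses the same whitelist with a single marker. It matches on the decoded, normalised path rather than the raw REQUEST_URI, so encoded characters or `..` segments cannot make a non-whitelisted path appear to start with a whitelisted prefix. The rule ids 10001-10003, the explicit phase and the 403 status are assumptions chosen for illustration; the two prefixes and marker 9999 come from the post.

```apache
# Added example. Ids 10001-10003 are constructed placeholders; pick ids
# from your own local range. Every rule names its phase explicitly so the
# whitelist checks and the deny rule are evaluated in the same phase.

# A request whose normalised path starts with a whitelisted prefix
# jumps straight past the deny rule to the marker.
SecRule REQUEST_FILENAME "@beginsWith /abc/login/" \
    "phase:1,id:10001,t:none,t:urlDecodeUni,t:normalisePath,nolog,pass,skipAfter:9999"
SecRule REQUEST_FILENAME "@beginsWith /abc/home/" \
    "phase:1,id:10002,t:none,t:urlDecodeUni,t:normalisePath,nolog,pass,skipAfter:9999"

# Only requests that matched neither prefix reach this rule.
SecAction "phase:1,id:10003,log,deny,status:403,msg:'Not on whitelist'"

# Both whitelist rules land here; processing continues with later rules.
SecMarker 9999
```

REQUEST_FILENAME holds the request path without the query string, so a whitelisted prefix placed in a parameter value is never compared against the whitelist.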