Hello Reindl,

We had a mistake in the code during the integration with the new ports and the "block" action was disabled by mistake.
I will be releaseing 2.7.1 this week and set it back.

I you want i can send you a tarball of 2.7.1 earlier to test and check it this is the issue in your case.

Thanks

On Tue, Oct 30, 2012 at 10:59 AM, Reindl Harald <h.reindl@thelounge.net> wrote:
why does the following rules no longer work?

goal is/was to block any request with the listed parameters
which contains non-numeric chars or numeric values with
more than 7 characters...........
__________________________________________

[root@testserver:/etc/httpd/modsecurity.d]$ cat modsecurity_99_protected_vars.conf
SecDefaultAction "log,auditlog,deny,status:400,phase:1"

SecRule ARGS "!^\d{1,7}$" "id:'83',chain,phase:1,capture,logdata:'%{matched_var}',block,msg:'out of range'"
SecRule MATCHED_VARS_NAMES "@pmFromFile modsecurity_99_protected_vars.data" "chain,capture"
SecRule MATCHED_VAR "@streq %{tx.0}"

SecRule ARGS "!^\d{1,7}$" "id:'84',chain,phase:2,capture,logdata:'%{matched_var}',block,msg:'out of range'"
SecRule MATCHED_VARS_NAMES "@pmFromFile modsecurity_99_protected_vars.data" "chain,capture"
SecRule MATCHED_VAR "@streq %{tx.0}"
__________________________________________

[root@testserver:/etc/httpd/modsecurity.d]$ cat modsecurity_99_protected_vars.data
blog_comment_refid
blog_id
blog_showpage
cfg_id
cms_remember_login
dbid
detail_id
ds_id
ext_group
ext_id
fo_board_id
gh_id
gid
gi_id
gi_sid
gs_hid
gs_id
gs_lightbox
gs_rnd_hr_enable
gs_rnd_tn_enable
gs_show_title
gs_tn_lupe
gs_zoom
hid
item_id
k2sid
kid
ksid
lock_id
lock_key
od_id
pal_id
pc_entry_group_id
pc_entry_id
pc_group_id
pers_id
portal_gruppe
portal_id
portal_kategorie
ps_id
pvc_id
pvi_id
s2id
s2sid
shid
show_item
show_thread
sid
vgid
vugid
vuid
vvid
vvuid
yc_aktiv
yc_id
yc_page
yi_cid
yi_id
yi_page
yk_aktiv
yk_id
yk_item



------------------------------------------------------------------------------
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_sfd2d_oct
_______________________________________________
mod-security-users mailing list
mod-security-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-users
Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs:
http://www.modsecurity.org/projects/commercial/rules/
http://www.modsecurity.org/projects/commercial/support/