Re: [mod-security-users] REQUEST_BODY question.
Brought to you by:
victorhora,
zimmerletw
From: Ryan B. <Ryan.Barnett@Breach.com> - 2008-05-27 16:03:24
|
What version of ModSecurity are you using? Can you give some audit log examples of the type of transaction you want to block? My guess here is that while you do want to use RegEx anchors for the SCRIPT_FILENAME variable (to reduce evasions and false positives) it is probably too restrictive and is preventing the REQUEST_BODY variable from matching as there is probably other data present such as the parameter names, etc... ________________________________ From: mod...@li... [mailto:mod...@li...] On Behalf Of SoFy DeNiro Sent: Tuesday, May 27, 2008 9:15 AM To: mod...@li... Subject: [mod-security-users] REQUEST_BODY question. Hello, I'm trying to make some files denied for any user,expect if he have 0 UID. I tried this rule : SecRule SCRIPT_FILENAME|REQUEST_BODY "^/home/user/important\.php$" chain SecRule "SCRIPT_UID "!^0$". then, I can't log to this file from browser and that's fine, but I can get it from php codes, so that's mean the REQUEST_BODY didn't work.. any suggestions ? Thanks. |