Re: [mod-security-users] How to use ModSecurity with selected HTTP variables?
Brought to you by:
victorhora,
zimmerletw
From: Gaurav K. <gau...@gm...> - 2010-01-21 21:22:15
|
I am planning to run my custom rules, I think ARGS_POST and ARGS_POST_NAMES will do the trick. Many thanks! On Thu, Jan 21, 2010 at 1:12 PM, Jamuse <ja...@gm...> wrote: > On Thu, Jan 21, 2010 at 11:01 PM, Gaurav Kumar <gau...@gm...>wrote: > >> >>> I wish to run ModSecurity on selected HTTP variables, please let me >>> know if this supported. If yes, how do I configure it? >>> >>> > Hi Gaurav, > > Are you planning on running the CRS or your own custom rules. You can > access HTTP Post variables via the ARGS_POST and ARGS_POST_NAMES variables. > > - J > > >> Let me clarify what I mean by selected HTTP variables. Lets say there >>> is a webapp which accepts user input via HTTP post variables. The >>> variables could be= Uid, pwd, ip, useragent etc. I want to exclude ip >>> and useragent from being processed by modsecurity. >>> >>> thanks, >>> -- >>> GK >>> >> >> >> >> -- >> GK >> >> >> ------------------------------------------------------------------------------ >> Throughout its 18-year history, RSA Conference consistently attracts the >> world's best and brightest in the field, creating opportunities for >> Conference >> attendees to learn about information security's most important issues >> through >> interactions with peers, luminaries and emerging and established >> companies. >> http://p.sf.net/sfu/rsaconf-dev2dev >> _______________________________________________ >> mod-security-users mailing list >> mod...@li... >> https://lists.sourceforge.net/lists/listinfo/mod-security-users >> Commercial ModSecurity Appliances, Rule Sets and Support: >> http://www.modsecurity.org/breach/index.html >> >> > -- GK |