Re: [mod-security-users] Adding a rule to sanitise a particular GET variable
From: Tom B. <to...@t0...> - 2010-09-07 09:59:38
Thanks for this reply. I've actually been on holiday for a week, so have only just got to see your mail.

I changed the rule to match the secdefaultaction in most ways, as well as adding my msg: argument. The rule is working now. I think that not specifying the phase was the problem perhaps? I'm going to re-read the docs to see if I can figure out precisely why I've fixed it anyway :)

SecRule ARGS:domain_name "!(?i:^[[:alnum:]\.\-]*$)" "phase:2,log,deny,status:403,msg:'argument to domain_name parameter disallowed'"

Thanks for all the assistance.

Tom.

On 28/08/10 20:57, Jamuse wrote:
>
>
> On Fri, Aug 27, 2010 at 10:40 PM, tom <to...@t0... <mailto:to...@t0...>> wrote:
>
>     Hi Ryan,
>
>     Thanks for getting back to me so soon. I'm quite happy to keep the rule
>     simple for the moment, and really did just want to know why it wasn't
>     working. I do have more complex rules in the armory so to speak, and
>     will probably do more with mod_sec, which I'm just dipping my toes into
>     at the moment :) I can see from the rule that you posted that I was
>     just missing the beginning and end of line specifiers ^$, so that's
>     fixed my rule so that it's matching the things I want it to match now,
>     so thanks for that! It still seems to let requests through though,
>
>
>
> Hi Tom,
>
> Does ModSec let all requests that match through or just intermittent
> ones? Did you try increasing the SecDebugLogLevel to clarify what is
> happening? Also silly question, but is SecRuleEngine set to On?
>
> --
> - Josh
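The effect of the `^` and `$` anchors mentioned in the thread, as an added example that is not part of the original messages: it models only the negated regex match of the posted rule in Python, not ModSecurity's phases or actions. The unanchored pattern is a constructed stand-in (the earlier rule is not shown in this thread), and the ASCII character class and sample values are assumptions.

```python
import re

# Python's re has no POSIX [[:alnum:]] class, so it is spelled out as ASCII
# ranges (assumption: ASCII input; PCRE locale handling is not modelled).
ALLOWED = r"[0-9A-Za-z.\-]"

# Constructed stand-in for a rule without anchors: "*" can match the empty
# string at offset 0, so a search succeeds on every possible value.
UNANCHORED = re.compile(rf"(?i:{ALLOWED}*)")

# Anchored form, as in the posted rule. \Z replaces $ because Python's $
# also matches just before a trailing newline.
ANCHORED = re.compile(rf"(?i:^{ALLOWED}*\Z)")

# Constructed sample values for the domain_name parameter.
SAMPLES = ["example.com", "Sub-Domain.Example.ORG", "", "exa mple.com",
           "example.com/path?x=1", "example.com\n"]


def rule_fires(pattern, value):
    """Model a negated regex rule ("!pattern"): fire when the search fails."""
    return pattern.search(value) is None


def compare(samples=SAMPLES):
    """Return {value: (fires_unanchored, fires_anchored)} for each sample."""
    return {v: (rule_fires(UNANCHORED, v), rule_fires(ANCHORED, v))
            for v in samples}


if __name__ == "__main__":
    for value, (loose, strict) in compare().items():
        print(f"{value!r:28} unanchored_fires={loose!s:5} anchored_fires={strict}")
```

Without anchors the negated rule can never fire, because the pattern always finds an empty match; with anchors it fires on any value containing a character outside the allow-list.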