Re: [mod-security-users] help with rule
From: Ivan R. <iv...@we...> - 2004-11-12 15:21:23
modsecurity wrote:
> I'm trying to block clients from using web based scripts to send mail from *@paypal.com or with the realname of paypal. This is what the post looks like:
>
> -----------------------------7d43991d691196
> Content-Disposition: form-data; name="from"
>
> bi...@pa...
> -----------------------------7d43991d691196
> Content-Disposition: form-data; name="realname"
>
> paypal
>
> Since the name="from" and the bi...@pa... are not on the same line I'm having a little trouble with this. Can anyone give me a clue as to how this can be done?

You don't need to concern yourself with how the data is laid out in a request, mod_security takes care of that for you (I am assuming you are running 1.8.x). Just tell it which parameters to look for:

SecFilterSelective ARG_from @paypal\.com$
SecFilterSelective ARG_realname paypal

--
ModSecurity (http://www.modsecurity.org)
[ Open source IDS for Web applications ]
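The per-parameter matching described in the reply, as an added example that is not part of the original message and is not ModSecurity code: the multipart body is parsed into named arguments first, and each pattern is then applied to one argument's value, so it no longer matters that the field name and its value sit on different lines. Assumptions: the request body, boundary and address are constructed samples, Python's `email` parser stands in for mod_security's request parsing, and the helper names are hypothetical.

```python
import re
from email import message_from_bytes

# The two per-argument patterns from the reply: (argument name, regex).
RULES = [("from", r"@paypal\.com$"), ("realname", r"paypal")]

# Constructed sample request body (boundary and address are made up).
CONTENT_TYPE = "multipart/form-data; boundary=EXAMPLEBOUNDARY"
BODY = (
    b'--EXAMPLEBOUNDARY\r\n'
    b'Content-Disposition: form-data; name="from"\r\n\r\n'
    b'someone@paypal.com\r\n'
    b'--EXAMPLEBOUNDARY\r\n'
    b'Content-Disposition: form-data; name="realname"\r\n\r\n'
    b'paypal\r\n'
    b'--EXAMPLEBOUNDARY--\r\n'
)

def parse_form_data(content_type, body):
    """Return {field name: value} for a multipart/form-data body."""
    header = b"Content-Type: " + content_type.encode("ascii") + b"\r\n\r\n"
    msg = message_from_bytes(header + body)
    if not msg.is_multipart():
        return {}
    args = {}
    for part in msg.get_payload():
        name = part.get_param("name", header="content-disposition")
        if name is None:
            continue
        raw = part.get_payload(decode=True) or b""
        args[name] = raw.decode("utf-8", "replace").rstrip("\r\n")
    return args

def matching_rules(args):
    """Rules whose pattern matches the value of the named argument."""
    # Case-sensitive here; the page does not say how 1.8.x treats case.
    return [(n, p) for n, p in RULES if n in args and re.search(p, args[n])]

def any_line_has_both(body, name, pattern):
    """Naive line-oriented check: field name and value on one line."""
    return any(f'name="{name}"' in line and re.search(pattern, line)
               for line in body.decode("utf-8", "replace").splitlines())

if __name__ == "__main__":
    args = parse_form_data(CONTENT_TYPE, BODY)
    print(args)                                               # parsed arguments
    print(matching_rules(args))                               # both rules match
    print(any_line_has_both(BODY, "from", r"@paypal\.com$"))  # line scan misses
```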