Re: [mod-security-users] SecFilterForceByteRange vs. validateByteRange
Brought to you by:
victorhora,
zimmerletw
From: Ivan R. <iva...@gm...> - 2006-11-07 17:36:41
|
On 11/7/06, Achim Hoffmann <ah...@se...> wrote: > !! > !! You can use a single operator in a rule. Therefore @validateByteRange, > !! being an operator and not an action, can't be used "with" other staff. > !! Neither can it be used in SecDefaultAction. > > so I nee to use @validateByteRange in every rule then? > That's a pain if you have dozent of rules. > > ... > > !! - You can specify a different range for different variables. > !! - It has an "event" context (id, msg....) > !! - It is executed in the flow or rules rather than being a build in > !! pre-check (Ivan, correct me if I'm wrong here). > > So we have some more features, that's good. But we lost the default, which > ends up in an error-prone modification of each rule. > Or do I miss something? No. The idea is to use @validateByteRange only once at the beginning of your rule set against all of the input. For example, just use it against ARGS and you're done. That's exactly how it worked before. -- Ivan Ristic |