[mod-security-users] Translation of v1 to v2 rules
From: K. C. L. <li...@la...> - 2006-12-15 11:23:25
We used to have the following mod_security v1 rule to block countless comment spam:

SecFilterSelective ARGS "(^|[^_])(comments?|story)=.*(href|http)"

However, the following translation (our interpretation) doesn't appear to work in the same way.

SecRule REQUEST_URI|REQUEST_FILENAME|ARGS|ARGS_NAMES|REQUEST_HEADERS|!REQUEST_HEADERS:Referer "(^|[^_])(comments?|story)=.*(href|http)" \
    "deny,log,status:501,id:ZZ0004,severity:2,msg:'Comment Spam'"

What is the problem and how do we rectify it please?

While we are at it, are the following v1 rules correctly translated to the next block of v2 rules please?

v1:

SecFilterSelective HTTP_x-aaaaaaaaa|HTTP_XAAAAAAAAA ".+$"
SecFilterSelective HTTP_x-aaaaaaaaaaa|HTTP_XAAAAAAAAAAA ".+$"
SecFilterSelective HTTP_x-aaaaaaaaaaaa|HTTP_X_AAAAAAAAAAAA ".+$"

v2 of the above rules:

SecRule HTTP_x-aaaaaaaaa|HTTP_XAAAAAAAAA ".+$" \
    "deny,log,status:501,id:ZZ0010,severity:2,msg:'Comment Spam'"
SecRule HTTP_x-aaaaaaaaaaa|HTTP_XAAAAAAAAAAA ".+$" \
    "deny,log,status:501,id:ZZ0011,severity:2,msg:'Comment Spam'"
SecRule HTTP_x-aaaaaaaaaaaa|HTTP_X_AAAAAAAAAAAA ".+$" \
    "deny,log,status:501,id:ZZ0012,severity:2,msg:'Comment Spam'"

Regards,

Kwong Li
li...@la...
Laser Business Systems Ltd.
http://www.laser.com
http://www.cbus-shop.com
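
An added example, not part of the original post: a Python check of which targets the comment-spam pattern from the post can match for a constructed request. It assumes a simplified model in which ARGS and ARGS_NAMES are tested one decoded value or name at a time and REQUEST_URI is the path plus raw query string; WHOLE_PAYLOAD is a hypothetical name for the undivided query string or body, and request headers are not modelled.

```python
import re
from urllib.parse import parse_qsl

# Pattern copied verbatim from the rule in the post.
PATTERN = re.compile(r"(^|[^_])(comments?|story)=.*(href|http)")

def targets(path, query, body):
    """Strings each target would present to the regex (simplified model, an assumption)."""
    pairs = parse_qsl(query, keep_blank_values=True) + parse_qsl(body, keep_blank_values=True)
    return {
        "REQUEST_URI": [path + ("?" + query if query else "")],
        "REQUEST_FILENAME": [path],
        "ARGS": [value for _, value in pairs],       # one decoded value at a time
        "ARGS_NAMES": [name for name, _ in pairs],   # one name at a time
        "WHOLE_PAYLOAD": [query, body],              # undivided name=value string
    }

def matching_targets(path, query="", body=""):
    """Return the sorted names of the targets on which the pattern matches."""
    return sorted(name for name, values in targets(path, query, body).items()
                  if any(PATTERN.search(v) for v in values))

# Constructed sample: a comment field carrying an HTML link.
SPAM = "comment=%3Ca+href%3Dhttp%3A%2F%2Fspam.example%2F%3Ebuy%3C%2Fa%3E"

if __name__ == "__main__":
    print("GET :", matching_targets("/blog/post.php", query=SPAM))
    print("POST:", matching_targets("/blog/post.php", body=SPAM))
    print("skip:", matching_targets("/blog/post.php", body="my_comment=http://x.example/"))
```

Under this model a POSTed comment matches only the undivided string, because a per-argument value never contains the `comment=` prefix the pattern requires.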