I'm trying to setup rule which will block POST requests as described below
(this is what I catch when I test my rule):
POST /phpscript.php HTTP/1.1
Content-Length: [some number - everytime different]
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; .NET CLR
Content-Disposition: file; name="any-word-different";
after content type I catch script code, which has common words, like
"webshell" or "wso2"
I would like to block such requests, but whatever rule I'm building, I get
Message: Multipart parsing error: Multipart: Invalid Content-Disposition
header (-1): file; name="any-word"; filename="some-filename".
and it recives message 200 so this file is uploaded into server.
Can you help me to setup rule which will deny such requests?