I implement rules which must be performed before a "?" and not after.
I would like to use an attribute like SCRIPT_URI but ModSecurity seems to not understand it.
The syntax i use is like the following:
--> In httpd.conf:
SecFilterSelective [ATTRIBUTE] "[character to deny]" id:1000
SecFilter "[character to deny]" id:1010
--> In mapping.conf:
SecFilterRemove 1001 1005
This e-mail is intended only for the above addressee. It may contain
privileged information. If you are not the addressee you must not copy,
distribute, disclose or use any of the information in it. If you have
received it in error please delete it and immediately notify the sender.
Security Notice: all e-mail, sent to or from this address, may be
accessed by someone other than the recipient, for system management and
security reasons. This access is controlled under Regulation of
Investigatory Powers Act 2000, Lawful Business Practises.