whitelist rule for URIs, skipAfter, SecMarker

Brought to you by: victorhora, zimmerletw

whitelist rule for URIs, skipAfter, SecMarker

Forum: Rules

Creator: horrorshow

Created: 2011-07-07

Updated: 2013-06-12

horrorshow - 2011-07-07

Hi, I am setting up a whitelist of URI's with a modsecurity rule, which is based on a sample
rule found in ModSecurity 2.5 by Magnus Mischel.. but it doesn't work as expected.
Please let me know if what I am doing here is incorrect.
For any URI that doesn't begin with /abc/login/ and /abc/home/, I am trying to block access.

SecRule REQUEST_URI "@beginsWith /abc/login/" "pass,skipAfter:101"
SecRule REQUEST_URI "@beginsWith /abc/home/" "pass,skipAfter:102"
SecAction "deny,msg:'Not on whitelist'"

SecMarker 101
SecAction "pass,skipAfter:9999"

SecMarker 102
SecAction "pass,skipAfter:9999"

SecMarker 9999

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Log in to post a comment.