Thank you Sergio but I have no admin access to the server, I only can edit the htaccess file and the mod security version is below 2.5 which doesn't support @pmFromFile

And I don't want a bloated up htaccess file. I only add rules manually after a bad spider has hit an invalid page on my website.

So can't anyone just tell me what's wrong with my single line?

Thank you very much!

Cheers

Michael

--

On 29/01/2010 2:16 p.m., Sergio wrote:
Michael,
you can use GotRoot modsec rules, they have a very nice rule for doing what you want, and the best of all is that the rule is made with a @pmFromFile that you can use what they gave you or you can set your own malware-blacklist file.

Regards,
Sergio

On Thu, Jan 28, 2010 at 4:52 PM, Michael Heuberger <michael.heuberger@binarykitchen.com> wrote:
H

I tried following rule:
SecFilterSelective REQUEST_URI "\=(http|ftp|https)\:/" "msg:'Inclusion attacks
not allowed'"

But somehow it doesn't work. I want to filter out URLs like
"http://www.deafzone.ch/?id=http://www.sun-angel.ru//js/gid.gif"

Any inclusion attach beginning with "=http:" or "=ftp:" or "=https:" should be
filtered out with the above rule.

Maybe I did something wrong?

Thank you for your help

Michael H.


------------------------------------------------------------------------------
The Planet: dedicated and managed hosting, cloud storage, colocation
Stay online with enterprise data centers and the best network in the business
Choose flexible plans and management services without long-term contracts
Personal 24x7 support from experience hosting pros just a phone call away.
http://p.sf.net/sfu/theplanet-com
_______________________________________________
mod-security-users mailing list
mod-security-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-users
Commercial ModSecurity Appliances, Rule Sets and Support:
http://www.modsecurity.org/breach/index.html


-- 

Binary Kitchen
Michael Heuberger
10N Sylvan Avenue East
Mt Eden
Auckland 1024
(New Zealand)

Mobile (text only) ...  +64 21 261 89 81
Email ................  michael@binarykitchen.com
Website ..............  http://www.binarykitchen.com