I'm trying to make some files denied for any user,expect if he have 0 UID. I tried this rule :

SecRule SCRIPT_FILENAME|REQUEST_BODY "^/home/user/important\.php$" chain
SecRule "SCRIPT_UID "!^0$".

then, I can't log to this file from browser and that's fine, but I can get it from php codes, so that's mean the REQUEST_BODY didn't work..

any suggestions ?