https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#wiki-SecRuleUpdateTargetByTag

Example Usage: SecRuleUpdateTargetByTag "WEB_ATTACK/XSS" "!ARGS:foo"

So I understand with that sample you should use double quotations?
SecRuleUpdateTargetByTag "WEB_ATTACK/SQL_INJECTION"  "!ARGS_NAMES:/property/"
SecRuleUpdateTargetByTag "WEB_ATTACK/RESTRICTED_SQLI_CHARS" "!ARGS_NAMES:/property/"

Kind regards


2014-01-28 David R <rewt@linux-elite.org>


Hi Ryan,
I pushed them in the virtualhost config at first (just to be sure that the
rules will be pushed only for the domain)


Then I tried the following in crs_999_exclude.conf:

SecRuleUpdateTargetByTag "WEB_ATTACK/SQL_INJECTION" !ARGS:.*property.*
SecRuleUpdateTargetByTag "WEB_ATTACK/RESTRICTED_SQLI_CHARS" !ARGS:.*property.*

SecRuleUpdateTargetByTag "WEB_ATTACK/SQL_INJECTION" !ARGS_NAMES:.*property.*
SecRuleUpdateTargetByTag "WEB_ATTACK/RESTRICTED_SQLI_CHARS" !ARGS_NAMES:.*property.*

SecRuleUpdateTargetByTag "WEB_ATTACK/SQL_INJECTION" !ARGS_NAMES:/.*property.*/
SecRuleUpdateTargetByTag "WEB_ATTACK/RESTRICTED_SQLI_CHARS" !ARGS_NAMES:/.*property.*/

SecRuleUpdateTargetByTag "WEB_ATTACK/SQL_INJECTION" !ARGS_NAMES:/property/
SecRuleUpdateTargetByTag "WEB_ATTACK/RESTRICTED_SQLI_CHARS" !ARGS_NAMES:/property/

All these combinations gave me the same result -> Score 44 on the ARGS
ARGS:property_value_74_inst0_882538.
property_value_74_inst0_882538

Any idea?





_______________________________________________
mod-security-users mailing list
mod-security-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-users