[mod-security-users] args ignored in POST - filter question
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
[mod-security-users] args ignored in POST - filter question
|
From: <Kam...@bd...> - 2008-07-01 14:29:14
|
Hi, I have modsecurity 2.2.5 with apache 2.2.3 in reverse proxy setup. I can create rules for arguments passed directly in URL but my rules are not triggered by argument sent by post. The following rules works well for URL in format https://server.com/path_to_file/file.with.dots sent by GET/POST methods with argument, ie. https://server.com/path_to_file/file.with.dots?lng=foo. But once I send the argument in body of request, it is not detected on server. I tried to play with phase:1, phase:2 in rules but I it gave the same result. I tried also REQUEST_BODY without success. It seems my proxy ignore the body of the request. What do I wrong? Thanks Kamil My config: ---------------- ProxyRequests Off <Proxy *> Order deny,allow Allow from all </Proxy> ProxyPreserveHost on ProxyPass /path123/ http://127.0.0.3:8080/path123/ SecRuleEngine On SecRequestBodyAccess On SecResponseBodyAccess Off SecRequestBodyInMemoryLimit 131072 SecRequestBodyLimit 131072 SecDefaultAction "phase:2,log,auditlog,deny,status:500" SecRule REQUEST_FILENAME "^/path_to_file/file\.with\.dots" \ "chain,pass,log,auditlog,id:12344001,msg:'Unknown arguments ARGS_NAMES=%{ARGS_NAMES}'" SecRule ARGS_NAMES "!^(call|page|session)$" SecRule REQUEST_FILENAME "^/path_to_file/file\.with\.dots" \ "chain,pass,log,auditlog,id:12344001,msg:'Unknown arguments ARGS_NAMES=%{ARGS_NAMES}'" SecRule ARGS:lng "!^(cz|en)$" |
