Re: [mod-security-users] args ignored in POST - filter question
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [mod-security-users] args ignored in POST - filter question
|
From: Christian B. <ch...@jw...> - 2008-07-01 14:32:40
|
Hi Kamil!
Did you enable the SecRequestBodyAccess property?
You should have a statement like:
SecRequestBodyAccess On
in your rule-file.
Regards,
Chris
Am 01.07.2008 um 16:28 schrieb <Kam...@bd...> <Kam...@bd...
>:
> Hi,
> I have modsecurity 2.2.5 with apache 2.2.3 in reverse proxy setup. I
> can create rules for arguments passed directly in URL but my rules are
> not triggered by argument sent by post.
>
> The following rules works well for URL in format
> https://server.com/path_to_file/file.with.dots sent by GET/POST
> methods
> with argument, ie.
> https://server.com/path_to_file/file.with.dots?lng=foo.
> But once I send the argument in body of request, it is not detected on
> server. I tried to play with phase:1, phase:2 in rules but I it gave
> the
>
> same result. I tried also REQUEST_BODY without success. It seems my
> proxy ignore the body of the request. What do I wrong?
>
> Thanks
>
> Kamil
>
>
> My config:
> ----------------
> ProxyRequests Off
>
> <Proxy *>
> Order deny,allow
> Allow from all
> </Proxy>
>
> ProxyPreserveHost on
> ProxyPass /path123/ http://127.0.0.3:8080/path123/
>
> SecRuleEngine On
> SecRequestBodyAccess On
> SecResponseBodyAccess Off
> SecRequestBodyInMemoryLimit 131072
> SecRequestBodyLimit 131072
>
> SecDefaultAction "phase:2,log,auditlog,deny,status:500"
>
> SecRule REQUEST_FILENAME "^/path_to_file/file\.with\.dots" \
> "chain,pass,log,auditlog,id:12344001,msg:'Unknown arguments
> ARGS_NAMES=%{ARGS_NAMES}'"
> SecRule ARGS_NAMES "!^(call|page|session)$"
>
> SecRule REQUEST_FILENAME "^/path_to_file/file\.with\.dots" \
> "chain,pass,log,auditlog,id:12344001,msg:'Unknown arguments
> ARGS_NAMES=%{ARGS_NAMES}'"
> SecRule ARGS:lng "!^(cz|en)$"
>
> -------------------------------------------------------------------------
> Check out the new SourceForge.net Marketplace.
> It's the best place to buy or sell services for
> just about anything Open Source.
> http://sourceforge.net/services/buy/index.php
> _______________________________________________
> mod-security-users mailing list
> mod...@li...
> https://lists.sourceforge.net/lists/listinfo/mod-security-users
|
