Re: [Mod-security-developers] How to filter non-english string
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [Mod-security-developers] How to filter non-english string
|
From: Josh Amishav-Z. <ja...@gm...> - 2011-09-22 08:24:39
|
On Thu, Sep 22, 2011 at 11:06 AM, kong lw <leg...@gm...> wrote: > Hi, > > How can Modsecurity filter non-english string, for example: Japanese, > Chinese? Hi Kong, Yes, Modsecurity can filter non-English character strings. > How to write the filter rule, for example: > > SecRule RESPONSE_BODY "non-english string" "phase:4,t:none,deny" For example, I created the following rule using Hebrew characters in UTF-8: SecRule REQUEST_URI "גגג" phase:2,block,log,auditlog Then sent the following request: echo -e "GET /?גגג HTTP/1.0\n\n"|nc localhost 80 which resulted in: [Thu Sep 22 11:14:19 2011] [error] [client 127.0.0.1] ModSecurity: Access denied with code 500 (phase 2). Pattern match "\\xd7\\x92\\xd7\\x92\\xd7\\x92" at REQUEST_URI. [file "/opt/modsecurity/etc/rules.conf"] [line "5"] [hostname "lab.localdomain"] [uri "/"] [unique_id "TnruW38AAQEAAFhZBC8AAAAF"] -- - Josh |
