Re: [mod-security-users] allow only integer for a list of params
From: Reindl H. <h.r...@th...> - 2012-01-12 14:29:06
On 12.01.2012 14:06, Christian Bockermann wrote:
> Ok, here's the story:
>
> You might want to have IDs, which are exactly 4 digits long, then you
> can use a regular expression like
>
> SecRule ARGS:myIDparam !^\d{4,4}$ "block,phase:2,msg:'not a 4-digit id!'"
>
> or an ID that ranges from 1 to 999 (3 digits long):
>
> SecRule ARGS:myIDparam !^\d{1,3}$ "block,phase:2,msg:'not a 1-3 digit ID!'"
>
> Different "types of integers" was just referring to different lengths
> of your ID parameters.
>
> The syntax error is probably due to my erroneous specification
> of trying to check all parameters in as compact notation as possible,
> try with
>
> SecRule ARGS:sid|ARGS:s2id|ARGS:gi_id \
>     !^\d{1,4}$ \
>     "phase:2,block,msg:'Not a proper ID value!'"

Thank you, now I understand how this works :-)

Below are my new rules from today. They are in the first place there to block
all requests to database IDs which are non-numeric, so that in most cases
SQL injection and generic rules cannot be avoided with special inputs.

# 12.01.2012
SecRule ARGS:hid    !^\d{1,4}$ "id:'150',capture,logdata:'%{matched_var}',block,msg:'out of range'"
SecRule ARGS:shid   !^\d{1,4}$ "id:'151',capture,logdata:'%{matched_var}',block,msg:'out of range'"
SecRule ARGS:sid    !^\d{1,7}$ "id:'152',capture,logdata:'%{matched_var}',block,msg:'out of range'"
SecRule ARGS:s2id   !^\d{1,7}$ "id:'153',capture,logdata:'%{matched_var}',block,msg:'out of range'"
SecRule ARGS:s2sid  !^\d{1,7}$ "id:'154',capture,logdata:'%{matched_var}',block,msg:'out of range'"
SecRule ARGS:gh_id  !^\d{1,5}$ "id:'155',capture,logdata:'%{matched_var}',block,msg:'out of range'"
SecRule ARGS:gs_id  !^\d{1,5}$ "id:'156',capture,logdata:'%{matched_var}',block,msg:'out of range'"
SecRule ARGS:gs_hid !^\d{1,5}$ "id:'157',capture,logdata:'%{matched_var}',block,msg:'out of range'"
SecRule ARGS:gi_id  !^\d{1,5}$ "id:'158',capture,logdata:'%{matched_var}',block,msg:'out of range'"
SecRule ARGS:gi_sid !^\d{1,5}$ "id:'159',capture,logdata:'%{matched_var}',block,msg:'out of range'"
SecRule ARGS:cfg_id !^\d{1,7}$ "id:'160',capture,logdata:'%{matched_var}',block,msg:'out of range'"
SecRule ARGS:ksid   !^\d{1,7}$ "id:'161',capture,logdata:'%{matched_var}',block,msg:'out of range'"
SecRule ARGS:k2sid  !^\d{1,7}$ "id:'162',capture,logdata:'%{matched_var}',block,msg:'out of range'"
SecRule ARGS:ext_id !^\d{1,7}$ "id:'163',capture,logdata:'%{matched_var}',block,msg:'out of range'"
SecRule ARGS:vgid   !^\d{1,7}$ "id:'164',capture,logdata:'%{matched_var}',block,msg:'out of range'"
SecRule ARGS:vuid   !^\d{1,7}$ "id:'165',capture,logdata:'%{matched_var}',block,msg:'out of range'"
SecRule ARGS:vugid  !^\d{1,7}$ "id:'166',capture,logdata:'%{matched_var}',block,msg:'out of range'"
SecRule ARGS:vvid   !^\d{1,7}$ "id:'167',capture,logdata:'%{matched_var}',block,msg:'out of range'"
SecRule ARGS:vvuid  !^\d{1,7}$ "id:'168',capture,logdata:'%{matched_var}',block,msg:'out of range'"
SecRule ARGS:gid    !^\d{1,8}$ "id:'169',capture,logdata:'%{matched_var}',block,msg:'out of range'"
SecRule ARGS:kid    !^\d{1,8}$ "id:'170',capture,logdata:'%{matched_var}',block,msg:'out of range'"
SecRule ARGS:ds_id  !^\d{1,8}$ "id:'171',capture,logdata:'%{matched_var}',block,msg:'out of range'"
SecRule ARGS:dbid   !^\d{1,8}$ "id:'172',capture,logdata:'%{matched_var}',block,msg:'out of range'"
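As an added example (not part of this thread and not ModSecurity's own code), a small Python simulator of the rule table above: it URL-decodes a query string and reports which rule id would fire and on which value, so the digit limits can be checked against sample requests offline before the rules go live. The ARGS names and limits are copied from the rules; the matching semantics (anchored at both ends, ASCII digits only, every occurrence of a repeated parameter tested) are assumptions about how the engine evaluates them.

```python
# Added example, not from the post or from ModSecurity: an offline simulator
# of the "digits only, bounded length" rules above, so the rule table can be
# sanity-checked against constructed query strings before deploying.
# Assumption: every occurrence of ARGS:name is tested after URL decoding, and
# the negated rule !^\d{1,N}$ fires when the value does NOT fully match.
import re
from urllib.parse import parse_qsl

# ARGS name -> (rule id, max digits), copied from rules 150-172 in the post.
ID_RULES = {
    "hid": (150, 4), "shid": (151, 4),
    "sid": (152, 7), "s2id": (153, 7), "s2sid": (154, 7),
    "gh_id": (155, 5), "gs_id": (156, 5), "gs_hid": (157, 5),
    "gi_id": (158, 5), "gi_sid": (159, 5),
    "cfg_id": (160, 7), "ksid": (161, 7), "k2sid": (162, 7),
    "ext_id": (163, 7), "vgid": (164, 7), "vuid": (165, 7),
    "vugid": (166, 7), "vvid": (167, 7), "vvuid": (168, 7),
    "gid": (169, 8), "kid": (170, 8), "ds_id": (171, 8), "dbid": (172, 8),
}


def digits_pattern(max_digits):
    """Compile the positive form of the operator, ^\\d{1,N}$.
    re.ASCII keeps \\d to 0-9 only (assumed to mirror PCRE's default \\d)."""
    return re.compile(r"\d{1,%d}" % max_digits, re.ASCII)


def check_query(query):
    """Return [(rule_id, name, value)] for every argument occurrence that
    would trigger a rule, in request order; [] means the request passes.
    Repeated parameters are checked one by one, as ARGS:name does."""
    hits = []
    for name, value in parse_qsl(query, keep_blank_values=True):
        if name not in ID_RULES:
            continue                       # no rule for this parameter
        rule_id, max_digits = ID_RULES[name]
        # fullmatch anchors at both ends; no match -> the negated rule fires
        if digits_pattern(max_digits).fullmatch(value) is None:
            hits.append((rule_id, name, value))   # value = %{matched_var}
    return hits


if __name__ == "__main__":
    # Constructed sample requests, not captured traffic.
    for q in ("hid=1234&sid=42", "hid=12345", "sid=-5&dbid=", "hid=7&hid=12x"):
        print(q, "->", check_query(q) or "pass")
```

Note that an empty value (`dbid=`) and a negative number both fail the pattern, which is the intended behaviour for database IDs but worth confirming against real forms that may submit blank fields.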