[mod-security-users] @pmFromFile with exact match?
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
[mod-security-users] @pmFromFile with exact match?
|
From: Reindl H. <h.r...@th...> - 2012-01-25 16:49:25
|
hi
big problem: how do i specify that my filelists should
exactly match and not begin with or contain?
_______________
SecRule ARGS_NAMES "@pmFromFile modsecurity_99_blocked_vars.data"
"phase:1,id:'79',capture,logdata:'%{matched_var}',block,msg:'blocked variable'"
SecRule ARGS_NAMES "@pmFromFile modsecurity_99_blocked_vars.data"
"phase:2,id:'80',capture,logdata:'%{matched_var}',block,msg:'blocked variable'"
modsecurity_99_blocked_vars.data:
ABSPATH
ALTERNATE_TEMPLATES
AUTH_KEY
AUTH_SALT
matches ABSPATH, ABSPATHXXX, HMABSPATH.............
_______________
SecRule ARGS "!^\d{1,7}$" "chain,phase:1,id:'151',capture,logdata:'%{matched_var}',block,msg:'out of range'"
SecRule MATCHED_VARS_NAMES "@pmFromFile modsecurity_99_protected_vars.data"
SecRule ARGS "!^\d{1,7}$" "chain,phase:2,id:'152',capture,logdata:'%{matched_var}',block,msg:'out of range'"
SecRule MATCHED_VARS_NAMES "@pmFromFile modsecurity_99_protected_vars.data"
modsecurity_99_protected_vars.data:
sid
s2id
matches sid, blasidx, hms2id................
|