[mod-security-users] Issue with multi-string rule
From: Bit H. <bit...@gm...> - 2013-01-06 11:53:10
Hello,

An old ver of ModSec (2.5.9) and an even older Apache (I know, I know..). Trying to set a new very basic SecRule, in a completely new conf file, no base rules activated or anything:

SecRule REQUEST_URI|ARGS|REQUEST_BODY "select|grant|delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe|delete+from|into|table|database|index|view" "t:lowercase,log,deny,msg:'SQL Injection - NewRule4'"

I.e., what I want it to do is to deny any URL with select or grant or ... AND from or into or ... afterwards.

That works, kind of: http://url/select * from is blocked, but so is http://url/selectme and just http://url/select

It completely ignores the part after the plus sign. What am I missing here?

Thanks,
Bit
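
An added example, not part of the original post: the posted operator pattern run against the URLs from the message, next to a grouped, word-bounded pattern. Python's `re` stands in for the PCRE engine ModSecurity uses (the constructs shown behave the same), and `GROUPED` is an assumption about the intended "verb, then keyword" behaviour.

```python
import re

# Operator pattern exactly as posted in the message above.
POSTED = ("select|grant|delete|insert|drop|do|alter|replace|truncate|update|"
          "create|rename|describe|delete+from|into|table|database|index|view")

# Assumed intent: a whole-word verb followed later by a whole-word keyword.
VERBS = ("select|grant|delete|insert|drop|do|alter|replace|truncate|update|"
         "create|rename|describe")
KEYWORDS = "from|into|table|database|index|view"
GROUPED = rf"\b(?:{VERBS})\b.*?\b(?:{KEYWORDS})\b"


def first_hit(pattern, value):
    """Return the substring an unanchored match finds after lowercasing
    (emulating t:lowercase), or None when nothing matches."""
    m = re.search(pattern, value.lower(), re.DOTALL)
    return m.group(0) if m else None


def plus_is_quantifier():
    """'delete+from' means 'delet', one or more 'e', then 'from'."""
    return (re.fullmatch("delete+from", "deleteeefrom") is not None
            and re.search("delete+from", "delete from") is None)


# Constructed sample URIs: the three from the post plus one extra.
SAMPLES = ["/select * from", "/selectme", "/select", "/window"]

if __name__ == "__main__":
    print("'+' is a quantifier:", plus_is_quantifier())
    for uri in SAMPLES:
        print(f"{uri!r:18} posted={first_hit(POSTED, uri)!r:10} "
              f"grouped={first_hit(GROUPED, uri)!r}")
```

The posted pattern is one flat alternation, so any single word such as `select` or `do` matches anywhere in the value, including inside `selectme` or `window`; the `+` only repeats the preceding `e`.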