[mod-security-users] "Generic" ShellShock Rules
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
[mod-security-users] "Generic" ShellShock Rules
|
From: Reindl H. <h.r...@th...> - 2014-09-29 12:21:12
|
well, no whitespaces in var names was a good decision long ago
SecRule REQUEST_COOKIES_NAMES|ARGS_NAMES " "
"id:'76',phase:1,capture,logdata:'%{TX.0}',multiMatch,t:htmlEntityDecode,t:urlDecodeUni,t:compressWhitespace,t:replaceNulls,block,msg:'variable
name contains disallowed whitespace'"
SecRule ARGS_NAMES " "
"id:'85',capture,logdata:'%{TX.0}',multiMatch,t:htmlEntityDecode,t:urlDecodeUni,t:compressWhitespace,t:replaceNulls,block,msg:'variable
name contains disallowed whitespace'"
____________________________________
[Mon Sep 29 13:29:54.645534 2014] [:error] [pid 11876] [client 62.210.75.170] ModSecurity: Access denied with code
400 (phase 1). Pattern match " " at REQUEST_COOKIES_NAMES:() { :. [file
"/etc/httpd/modsecurity.d/99_protected_vars.conf"] [line "15"] [id "76"] [msg "variable name contains disallowed
whitespace"] [data " "] [hostname "kundendomain"] [uri "/cgi-bin-sdb/printenv"] [unique_id "VClCsgoAAAYAAC5knyQAAAAP"]
|
