[mod-security-users] Deny if POST Contains
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
[mod-security-users] Deny if POST Contains
|
From: Sachin S. <sac...@ya...> - 2018-01-10 16:20:11
|
Hi All,
I am trying to reject a api call if POST (json format) contains string1. I have enabled
SecRequestBodyAccess On
curl -H "Content-Type: application/json" -k1 -u sachin:testing -X POST http://localhost/wapi/v2.0/record:a -d '{"name": "s2.testzone.com", "ipv4addr":"192.168.10.197","view": "default",}'
New to mod_security test below secrule but nothing worked. Please help !
SecRule ARGS_POST "@contains testzone.com" "id:420008,t:none,deny,log,msg:'Denied'"
Secrule REQUEST_BODY "@contains testzone.com" "id:420009,t:none,deny,log,msg:'Denied'"
- Sachin |
