Re: [mod-security-users] Deny if POST Contains
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [mod-security-users] Deny if POST Contains
|
From: Sachin S. <sac...@ya...> - 2018-01-11 04:43:58
|
Seems mod_security 2.7.3 is not parsing JSON POST. Try to compile new version of json if it works !
- Sachin
On Wednesday, January 10, 2018, 9:51:56 PM GMT+5:30, Sachin Sharma via mod-security-users <mod...@li...> wrote:
Hi All,
I am trying to reject a api call if POST (json format) contains string1. I have enabled
SecRequestBodyAccess On
curl -H "Content-Type: application/json" -k1 -u sachin:testing -X POST http://localhost/wapi/v2.0/record:a -d '{"name": "s2.testzone.com", "ipv4addr":"192.168.10.197","view": "default",}'
New to mod_security test below secrule but nothing worked. Please help !
SecRule ARGS_POST "@contains testzone.com" "id:420008,t:none,deny,log,msg:'Denied'"
Secrule REQUEST_BODY "@contains testzone.com" "id:420009,t:none,deny,log,msg:'Denied'"
- Sachin ------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot_______________________________________________
mod-security-users mailing list
mod...@li...
https://lists.sourceforge.net/lists/listinfo/mod-security-users
Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs:
http://www.modsecurity.org/projects/commercial/rules/
http://www.modsecurity.org/projects/commercial/support/
|
