[mod-security-users] @pmFromFile for blocked vars
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
[mod-security-users] @pmFromFile for blocked vars
|
From: Reindl H. <h.r...@th...> - 2020-02-17 18:28:44
|
Hi
the rule below needs some love
no hit: ?base_dir=x&x=1
hit: ?base_dir=x
why in the world does that only hit if the url ends with a listed param
and is the some nicer way for "exact macth" than the ***var*** hack?
--------------------------------
SecRule ARGS_NAMES ^(.*)$
"id:'89',chain,setvar:tx.var='***%{matched_var}***',msg:'blocked
variable: %{matched_var}'"
SecRule TX:VAR "@pmFromFile 99_blocked_vars.data"
--------------------------------
99_blocked_vars.data:
***base_dir***
|
