Re: [mod-security-users] My variable seems to never expire...
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [mod-security-users] My variable seems to never expire...
|
From: logo <lo...@kr...> - 2020-09-15 20:30:08
|
Hi Ervin, > Am 15.09.2020 um 21:56 schrieb Ervin Hegedüs <ai...@gm...>: > > Hi Mikaël, > > On Tue, Sep 15, 2020 at 08:29:50PM +0200, Mikaël Pirio wrote: > ... > >> SecRule REQUEST_URI "^/api/" \ >> "id:400011,\ >> phase:2,\ >> pass,\ >> nolog,\ >> setvar:'session.api_req_counter=+1',\ >> expirevar:'session.api_req_counter=60'" > ... > >> It works: requests are denied! but they are forever. My >> variable session.api_req_counter is never reseted. > > I didn't checked the logic of the rules, but after the quick view > I assume the expirevar has no effect (it's not implemented). > > Btw it's documented: > > https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual-(v2.x)#expirevar > > "Supported on libModSecurity: TBI" > What does TBI mean? Peter > > a. > > > > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > http://www.modsecurity.org/projects/commercial/rules/ > http://www.modsecurity.org/projects/commercial/support/ |
