[mod-security-users] Advanced filtering
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
[mod-security-users] Advanced filtering
|
From: Katsuharu W. <ml...@pa...> - 2005-02-08 10:05:40
|
Hi all, I have some trouble. (1) I want to block some meta-characters on request paramaters except that named test1, but I can't filter "&" and "=" well. --- My configuration --- SecFilterSelective "ARGS_NAMES|ARGS_VALUES|!ARG_test1" "[&]" deny,log SecFilterSelective "ARGS_NAMES|ARGS_VALUES|!ARG_test1" "[=]" deny,log In detail, when the request have a paramater only test1, it's work fine. But the paramaters are more, any requests are blocked. For example, I access bellow URL. http://www.example.com/index.html?test1=111&test2=222&test3=333 This case is checking against "test2=222&test3=333". (found this from debug-log.) I want to evaluate "222" and "333", but I have no idea. (2) How do SecFilterSelective's location match the whole request including headers? That's maybe, SecFilterSelective "THE_REQUEST|POST_PAYLOAD|HTTP_Host|HTTP_User-Agent|(...more and more headers context)" foo deny,log But this is very hard... I want more easy and simple configuration like Output filter, SecFilterSelective INPUT foo deny,log What do you think? -- Katsuharu Watanabe Key fingerprint = 121E AC94 AD99 C468 9E02 C868 827B D767 058A E62E |
