Re: [mod-security-users] Positive security
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [mod-security-users] Positive security
|
From: Ivan R. <iv...@we...> - 2005-06-15 15:51:52
|
Terry Dooher wrote:
>
> Just an aside about the above filters: I'm using a similar model to
> protect a a small service that talks to a custom application. Only POST,
> only one arg (m) and the parameter must at least _look_ like an md5
> hash. My method uses just one regexp on the payload:
>
> SecFilterSelective REQUEST_METHOD "!^(POST)$
> SecFilterSelective POST_PAYLOAD "!^m=[0-9a-f]{32}$"
>
> This works, but am I losing something important by using this one regexp
> instead of specific references to ARGS_NAMES and ARG_m?
No, you're fine.
--
Ivan Ristic
Apache Security (O'Reilly) - http://www.apachesecurity.net
Open source web application firewall - http://www.modsecurity.org
|
