Re: [mod-security-users] Excluding headers that contain a substring
From: Ervin H. <ai...@gm...> - 2024-12-15 09:14:27
Hi Anant,
On Sat, Dec 14, 2024 at 07:05:08PM -0800, Anant Mudambi via mod-security-users wrote:
> Hello,
> Is it possible to write a rule exclusion that finds all headers that have a
> certain string in them and exclude only those headers in subsequent rule?
> Would something like this work?
>
> SecRule REQUEST_HEADERS "@contains select" "...,
> ctl:ruleRemoveTargetById=942032;%{MATCHED_VARS_NAMES}"
Unfortunately not, it's not possible.
Even though Apache allows this syntax (a note: you forgot to add
the target to your exclusion, I mean the correct form would be
"...;ctl:ruleRemoveTargetById=942032;REQUEST_HEADERS:%{MATCHED_VARS_NAMES}"),
when it evaluates, it gets "%{MATCHED_VARS_NAMES}" as the header
name, not the substituted value.
In the case of Nginx, its parser does not allow this syntax.
Regards,
a.