Re: [mod-security-users] Wrong post trigger
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [mod-security-users] Wrong post trigger
|
From: Ivan R. <iv...@we...> - 2005-12-16 11:02:03
|
Gerwin Krist -|- Digitalus Webhosting wrote:
> Hey there my fellow list readers. I was testing some new rules (mostly for php
> email injection rules), for this it was required to have ScanPOST on.
>
> I have the following rule:
> SecFilterSelective ARGS_VALUES "(http:/).+(\.txt|\.jpg|\.dat|\.gif|\.jpeg
> \.ini|\:[0-9]{1,9})"
> Which should check for remote locations in server arguments (GET) only right?
No. It checks all arguments, no matter where they are. If you are
only interested in GET try QUERY_STRING.
--
Ivan Ristic
Apache Security (O'Reilly) - http://www.apachesecurity.net
Open source web application firewall - http://www.modsecurity.org
|