Re: [mod-security-users] Vbulletin 3.5.2 and mod_security
From: Terry D. <tdo...@na...> - 2006-03-14 11:40:49
Thomas Behrend wrote:
[snip]
>
> SecFilterSelective THE_REQUEST "\|+.*[\%u20AC].*\|" pass,nolog
>

This rule will essentially do nothing at all. pass allows you to log matching entries with actions such as 'log,pass'. Using it on its own or with nolog will do nothing. To explicitly accept a request based on a match, you need to use the allow action:

SecFilterSelective THE_REQUEST "\|+.*[\%u20AC].*\|" allow,nolog

Of course, you'll have to be careful where exactly this rule appears. If you put it at the top, then anyone can subvert the rest of your rule set by simply inserting a euro character in their request. It's good practice to put your allow rules right at the bottom of the list. Of course, if one of your other rules is triggering a 'deny' on similar content, then the request will never reach this rule and you'll have to figure out some sort of chaining.

I can't comment on the regular expression itself, however. I run a vBulletin 3.0 system myself and I am curious as to what you're trying to match with the \|+ and \| at either end of it.

Terry.
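
The ordering behaviour described in the message above, as an added example that is not part of the original post and is not ModSecurity code: a simplified first-match rule walk in Python that models only the pass, allow and deny actions as the message describes them. The patterns, the two deny rules and the request lines are constructed for illustration and stand in for the poster's regex and rule set.

```python
import re

# Constructed rules as (pattern, action); simplified stand-ins for the
# SecFilterSelective rule in the post, not the poster's actual regex.
EURO_ALLOW = (r"%u20AC", "allow")
EURO_PASS = (r"%u20AC", "pass")
DENY_SCRIPT = (r"<script", "deny")           # hypothetical deny rule
DENY_UNICODE = (r"%u[0-9a-f]{4}", "deny")    # hypothetical deny on similar content

# Constructed request lines.
BENIGN = "GET /forum/newreply.php?msg=costs+%u20AC5 HTTP/1.1"
HOSTILE = "GET /forum/newreply.php?msg=%u20AC<script>x</script> HTTP/1.1"


def evaluate(rules, request_line):
    """Walk the rules in order; return (verdict, index of the deciding rule).

    allow: accept and stop processing; deny: reject and stop;
    pass: keep going, so on its own it never changes the verdict.
    """
    for index, (pattern, action) in enumerate(rules):
        if not re.search(pattern, request_line, re.IGNORECASE):
            continue
        if action == "allow":
            return ("accepted", index)
        if action == "deny":
            return ("denied", index)
    return ("accepted", None)  # no rule decided: the request goes through


if __name__ == "__main__":
    cases = {
        "allow at top, hostile": ([EURO_ALLOW, DENY_SCRIPT], HOSTILE),
        "allow at bottom, hostile": ([DENY_SCRIPT, EURO_ALLOW], HOSTILE),
        "allow at bottom, benign": ([DENY_SCRIPT, EURO_ALLOW], BENIGN),
        "deny on similar content": ([DENY_UNICODE, EURO_ALLOW], BENIGN),
        "pass instead of allow": ([EURO_PASS, DENY_SCRIPT], HOSTILE),
    }
    for name, (rules, line) in cases.items():
        print(f"{name:28} -> {evaluate(rules, line)}")
```

The "deny on similar content" case is the situation the message says needs chaining: the benign euro request is rejected by the earlier rule and never reaches the allow rule.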