Re: [mod-security-users] inclusive filter rule set "default deny all mode"

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

joe barbish wrote:
> I added debug level 9 and got a little better understanding of what is 
> happening.
> In testing I got this rule to work.
>  
> SecFilterSelective REQUEST_URI 
> "!^(/mls_fsbo_signup.php|/00.00-web_style_sheet.css|/button.php)$"
>  
> Still the problem is I have 54 scripts to include in this rule and the 
> rule will not get clean syntax if I code it with one script name per 
> contuined line.
> I am running version 1.9.2
> How can I contuine rule across many lines?
>  
> Would coding the rules this way work?
> SecFilterSelective REQUEST_URI "!^/mls_fsbo_signup.php"  plus
> SecFilterSelective REQUEST_URI "!^/0.00-web_style_sheet.css" plus
> SecFilterSelective REQUEST_URI "!^/button.php"
>  do the trick
Yes you can, just use the keyword "chain" to actually chain two or more 
rules together. Check it out at the manual, but the sintax is the
same that you are suggesting, use

SecFilterSelective REQUEST_URI "!^/mls_fsbo_signup.php"  chain
SecFilterSelective REQUEST_URI "!^/0.00-web_style_sheet.css" chain
SecFilterSelective REQUEST_URI "!^/button.php"
...... all the rest ...

With this ruleset, if request does not match any of you provided 
pathnames, it will finally be filtered out (taking action according to 
your action settings).

Regards.

Carles Bonamusa