Re: [mod-security-users] mod_security enhancement idea
From: joe b. <joe...@ya...> - 2006-04-12 00:14:34
No Ryan, that did not work. Debug log shows this:
Checking signature "^/mls_fsbo_logon.php$" at REQUEST_URI
Checking against "/mls_fsbo_logon.php"
Signature check returned 403
Chained rule with match, continue in the loop
Checking against "id=jones1&pw=bob888&userdigit=vmiis&submit=Submit"
Signature check returned 404
Access denied with code 404. Pattern match "!^(id|pw|userdigit)=[0-9a-z]$" at POST_PAYLOAD.
Rule match, returning code 404
I'm thinking this may work:
SecFilterSelective REQUEST_URI "^/mls_fsbo_logon.php$" chain
SecFilterSelective POST_PAYLOAD "^(id|pw|userdigit)=[0-9a-z]$" allow
Notice no ! and allow added at end
What do you think?
Ryan Barnett <rcb...@gm...> wrote:
On 4/11/06, joe barbish <joe...@ya...> wrote:
So the question is, is the following code correct?
SecFilterSelective REQUEST_URI "^/mls_fsbo_signup.php$" allow plus
SecFilterSelective POST_PAYLOAD "(^id=[0-9a-z]$)" allow plus
SecFilterSelective POST_PAYLOAD "(^pw=[0-9a-z]$)" allow plus
SecFilterSelective POST_PAYLOAD "(^userdigit=[0-9a-z]$)" allow
"plus" is not a valid mod_security action. I would suggest that you use this directive -
SecFilterSelective REQUEST_URI "^/mls_fsbo_logon.php$" chain
SecFilterSelective POST_PAYLOAD "!^(id|pw|userdigit)=[0-9a-z]$"
This should work. Test it out and let me know.
-Ryan
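An added example, not part of the original thread: Python's `re` module stands in for mod_security's regex engine to show how the pattern from the rules behaves against the payload in the debug log, next to a per-field allow-list check. The field rules (length limits, the expected `submit` value) and the function names are assumptions, not taken from the thread.

```python
import re
from urllib.parse import parse_qsl

# Pattern exactly as written in the rules discussed in the thread.
THREAD_PATTERN = re.compile(r"^(id|pw|userdigit)=[0-9a-z]$")

# Payload copied from the debug log in the message.
LOGGED_PAYLOAD = "id=jones1&pw=bob888&userdigit=vmiis&submit=Submit"

# Assumed per-field allow-list (hypothetical: the thread gives no length
# limits and does not say how "submit" should be treated).
FIELD_RULES = {
    "id": re.compile(r"[0-9a-z]{1,32}"),
    "pw": re.compile(r"[0-9a-z]{1,32}"),
    "userdigit": re.compile(r"[0-9a-z]{1,32}"),
    "submit": re.compile(r"Submit"),
}


def whole_payload_matches(payload):
    """True if the thread's pattern matches the raw POST body."""
    # ^...$ pins the pattern to the entire body, and [0-9a-z] without a
    # quantifier accepts exactly one character after the '='.
    return THREAD_PATTERN.search(payload) is not None


def validate_fields(payload):
    """Check each decoded field on its own; return a list of problems."""
    problems, seen = [], set()
    for name, value in parse_qsl(payload, keep_blank_values=True):
        rule = FIELD_RULES.get(name)
        if rule is None:
            problems.append(f"unexpected field: {name}")
        elif name in seen:
            problems.append(f"duplicate field: {name}")
        elif not rule.fullmatch(value):
            problems.append(f"bad value for field: {name}")
        seen.add(name)
    for name in sorted(FIELD_RULES.keys() - seen):
        problems.append(f"missing field: {name}")
    return problems


if __name__ == "__main__":
    print(whole_payload_matches(LOGGED_PAYLOAD))
    print(whole_payload_matches("id=a"))
    print(validate_fields(LOGGED_PAYLOAD))
    # Constructed input with characters outside the allow-list.
    print(validate_fields("id=JONES!&pw=bob888&userdigit=vmiis&submit=Submit"))
```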