[mod-security-users] checking single parameter value
From: joe b. <joe...@ya...> - 2006-04-13 01:56:36
Hello list;

In my debug log I see this:

    Normalised REQUEST_URI: /mls_verifyemail.php?hash=bGF5YmFja2ppbW15
    Parsing arguments...
    Adding parameter: [hash][bGF5YmFja2ppbW15]
    Checking signature "^/mls_verifyemail.php" at REQUEST_URI
    Checking against "/mls_verifyemail.php?hash=bGF5YmFja2ppbW15"
    Signature check returned -1
    Access allowed based on pattern match "^/mls_verifyemail.php" at REQUEST_URI

This is the rule which allows the above to pass:

    SecFilterSelective REQUEST_URI "^/mls_verifyemail.php" allow

I want to tighten this up by checking that there is only a single parameter value and that it's an md5 hash with no bogus stuff inserted:

    SecFilterSelective REQUEST_URI "^/mls_verifyemail.php" chain
    SecFilterSelective QUERY_STRING "^?hash=" chain
    SecFilterSelective ARGS_VALUES "^hash=[0-9a-zA-Z]" allow

This errors out. What am I doing wrong?
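
The check the post asks for (exact path, exactly one parameter named hash, a well-formed value), modelled in Python as an added example; it is not part of the original post and is not ModSecurity syntax. The function and constant names are hypothetical, and every sample URI except the one taken from the debug log is constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

MD5_HEX = re.compile(r"[0-9a-fA-F]{32}")  # strict: a 32-digit hex MD5 digest
ALNUM = re.compile(r"[0-9a-zA-Z]+")       # the character class used in the post

LOGGED = "/mls_verifyemail.php?hash=bGF5YmFja2ppbW15"  # URI from the debug log
EMPTY_MD5 = "d41d8cd98f00b204e9800998ecf8427e"         # constructed sample value


def check_request(uri, value_re=MD5_HEX, path="/mls_verifyemail.php", name="hash"):
    """Return (allowed, reason) for a request URI such as REQUEST_URI in the log."""
    parts = urlsplit(uri)
    # Compare the whole path; a prefix pattern like "^/mls_verifyemail.php"
    # also matches longer paths and anything in the query string.
    if parts.path != path:
        return False, "path mismatch"
    # keep_blank_values so "hash=" and "x=" still count as parameters.
    params = parse_qsl(parts.query, keep_blank_values=True)
    if len(params) != 1:
        return False, f"expected 1 parameter, got {len(params)}"
    key, value = params[0]
    if key != name:
        return False, "unexpected parameter name"
    # fullmatch checks the decoded value end to end, so a trailing newline
    # (%0a) or any appended text is rejected.
    if not value_re.fullmatch(value):
        return False, "value fails format check"
    return True, "ok"


if __name__ == "__main__":
    base = "/mls_verifyemail.php?hash=" + EMPTY_MD5
    for uri in (LOGGED, base, base + "&x=1", base + "&hash=" + EMPTY_MD5,
                base + "%0a", "/mls_verifyemail.phpX?hash=" + EMPTY_MD5):
        print(uri, "->", check_request(uri))
    print(LOGGED, "(alnum policy) ->", check_request(LOGGED, ALNUM))
```

The value in the debug log is 16 characters long and uses letters outside a-f, so it passes the alphanumeric class from the post but not a strict 32-hex-digit MD5 check.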