[mod-security-users] Making custom rules that use request header and method
From: Vince <vt...@ms...> - 2007-10-04 21:42:56
Hi Everyone,

I'm having problems creating deny rules for the following kind of requests:

PROPFIND / HTTP/1.1
Depth: 0
translate: f
User-Agent: Microsoft-WebDAV-MiniRedir/5.1.2600

I want to create rules to deny and block anything with PROPFIND as the method or "translate: f" in the headers. This is what I have currently in my modsecurity_crs_15_customrules.conf, but it's not working:

SecRule REQUEST_METHOD propfind "phase:1,deny,nolog"
SecRule REQUEST_HEADERS_NAMES:translate ^f$ "phase:1,deny,nolog"

I've tried variations like capitalizing PROPFIND, putting it in quotes "PROPFIND", using the start and end characters ^propfind$. These rules still keep getting triggered and I get alerts in my console.

Any ideas?

Thanks!

--
Vince | Michael Smith Laboratories
Systems Network Manager | University of British Columbia