Thread: [mod-security-users] Match empty OR missing

Brought to you by: victorhora, zimmerletw

mod-security-users

[mod-security-users] Match empty OR missing

From: <az...@po...> - 2020-01-05 18:05:29

Hi,

can someone advice me how to match a POST parameter, which must be  
'empty OR missing' with one exclusive rule? i.e. it's either  
completely not there or is like 'parameter='. Thanks.

azur

Re: [mod-security-users] Match empty OR missing

From: Christian F. <chr...@ne...> - 2020-01-05 19:55:05

On Sun, Jan 05, 2020 at 06:49:21PM +0100, az...@po... wrote:
> Hi,
> 
> can someone advice me how to match a POST parameter, which must be 'empty OR
> missing' with one exclusive rule? i.e. it's either completely not there or
> is like 'parameter='. Thanks.

SecRule ARGS_POST:parameter "!@eq 0" "id:1000,phase:2,deny,t:length"

This is a whitelisting rule that is not executed if the arg "parameter" is
not present. If it is present, then it has to be empty.

If there are multiple occurrences of arg "parameter", the rule blocks too.
(-> HTTP Parameter pollution).

Cheers,

Christian


> 
> azur
> 
> 
> 
> 
> _______________________________________________
> mod-security-users mailing list
> mod...@li...
> https://lists.sourceforge.net/lists/listinfo/mod-security-users
> Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs:
> http://www.modsecurity.org/projects/commercial/rules/
> http://www.modsecurity.org/projects/commercial/support/