Check your case. It is not clear what default transformation you have. The contains operator will never match "Curl" with the t:lowercase transformation. So by neggating that the rule should always match. You may want to explicitly use t:none.
From: SoFy DeNiro [sofy.guru@...]
Received: 11/24/09 4:37 PM
To: mod-security-users@... [mod-security-users@...]
Subject: [mod-security-users] contains operator
Is there's any reason to NOT use "@contains" operator with "exclamation mark" ?
for example, I want to make a rule to identify if the browser is only using "CURL" and if not, don't complete the request for that file. so I made this rule :
SecRule SCRIPT_FILENAME "/srv/home/userdir/admin\.php$" \ "chain,log,deny,phase:2,t:removeNulls,t:lowercase,"
SecRule REQUEST_HEADERS:User-Agent "!@contains Curl"
but what happen is, if I use CURL it doesn't complete it ! although I'm using the "exclamation mark". and also other browsers !
Get latest updates about Open Source Projects, Conferences and News.