30 Jun 15:46
Re: How to save value of a query string parameter then use it in Phase 4?
From: Ryan Barnett <Ryan.Barnett <at> Breach.com>
Subject: Re: How to save value of a query string parameter then use it in Phase 4?
Newsgroups: gmane.comp.apache.mod-security.user
Date: 2008-06-30 13:46:14 GMT
> -----Original Message-----
> From: mod-security-users-bounces <at> lists.sourceforge.net [mailto:mod-security-users-bounces <at> lists.sourceforge.net] On Behalf Of Stephen Craig Evans
> Sent: Monday, June 30, 2008 6:20 AM
> To: mod-security-users <at> lists.sourceforge.net
> Subject: [mod-security-users] How to save value of a query string parameter then use it in Phase 4?
>
> Hi,
>
> This might be easy but it's not clear to me how to do this from
> reading the reference manual (especially 'setvar' and MATCHED_VAR) and
> going through all of the rules files that I have at my disposal.
>
> In Phase 2, I want to save the value of a get query string parameter,
> say "menu=700".
>
> So the rule might start off as:
> SecRule ARGS_GET:menu ...
>
> and somehow I need to set a variable with the value 700.
>
> Then in Phase 4 I want to access the value and invoke a rule if a
> match, otherwise bypass the rule
> SecRule ??? "!@eq 700" "t:none,pass,skip:2"
> SecRule RESPONSE_BODY "..." "phase:4:..."
>

[Ryan Barnett] There are a number of ways to approach these types of scenarios and I almost always come back to the whole "KISS" principle. While there are situations where you may need to use setvar or MATCH_VAR, in this case it seems to me that you could simply run 1 rule in phase:4. Keep in mind that the data available in the phases are CUMULATIVE. So, unless you want the option to block on the query string data, I would simply move your entire rule to phase 4 and evaluate what you need there.

I would need more information about what you are attempting to accomplish in order to give a template rule. From your example above, if the menu value is 700, then you want to inspect the response body for some data?
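An added example, not part of the original thread: the single phase 4 rule the reply describes, followed by the setvar variant the question asked about for comparison. The rule ids, the `tx.menu` variable name, the `CONSTRUCTED-MARKER` string, the `deny,status:500` action and the messages are assumptions chosen for illustration.

```apache
# Added example; ids, tx.menu, CONSTRUCTED-MARKER and the deny action are
# assumptions, not values from the thread.

# RESPONSE_BODY is only populated when response body buffering is enabled.
SecResponseBodyAccess On

# Option 1: one chained rule in phase 4.
# Request data collected in earlier phases is still available here, so
# ARGS_GET:menu can be tested directly next to RESPONSE_BODY. The chained
# rule runs only when the first rule matches, so no skip logic is needed.
SecRule ARGS_GET:menu "@eq 700" \
    "id:900001,phase:4,t:none,log,deny,status:500,chain,msg:'Marker in response for menu=700'"
    SecRule RESPONSE_BODY "@contains CONSTRUCTED-MARKER" "t:none"

# Option 2: save the value in phase 2, read it back in phase 4.
# Useful when phase 2 also has to act on the parameter (for example to
# block on it) or when the saved value is reused by several later rules.
# The TX collection lives for the whole transaction.
SecRule ARGS_GET:menu "@rx ^[0-9]+$" \
    "id:900002,phase:2,t:none,pass,nolog,setvar:tx.menu=%{MATCHED_VAR}"

SecRule TX:menu "@eq 700" \
    "id:900003,phase:4,t:none,log,deny,status:500,chain,msg:'Marker in response for saved menu=700'"
    SecRule RESPONSE_BODY "@contains CONSTRUCTED-MARKER" "t:none"
```

Load only one of the two options; with both active, a matching response triggers twice.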