30 Jun 15:58
Re: How to save value of a query string parameter then use it in Phase 4?
From: Stephen Craig Evans <stephencraig.evans <at> gmail.com>
Subject: Re: How to save value of a query string parameter then use it in Phase 4?
Newsgroups: gmane.comp.apache.mod-security.user
Date: 2008-06-30 13:58:07 GMT

Hi,

Ryan, you are correct but in this case I have to set this value at the
beginning of phase 2, then I'll be accessing it throughout numerous
more *.conf files and in both Phases 2 & 4.

Christian, that worked. Fantastic. I set it in my init.conf file (that
has my global settings), then accessed it correctly in Phase 4 after
going through 3 other conf files.

I guess I should call it a night. I typed in "setvar:tx:menu" instead
of "setvar:tx.menu" and that cost me over an hour of debugging ;-(

Thanks guys,
Stephen

On Mon, Jun 30, 2008 at 9:46 PM, Ryan Barnett <Ryan.Barnett <at> breach.com> wrote:
>> -----Original Message-----
>> From: mod-security-users-bounces <at> lists.sourceforge.net
>> [mailto:mod-security-users-bounces <at> lists.sourceforge.net]
>> On Behalf Of Stephen Craig Evans
>> Sent: Monday, June 30, 2008 6:20 AM
>> To: mod-security-users <at> lists.sourceforge.net
>> Subject: [mod-security-users] How to save value of a query string
>> parameter then use it in Phase 4?
>>
>> Hi,
>>
>> This might be easy but it's not clear to me how to do this from
>> reading the reference manual (especially 'setvar' and MATCHED_VAR) and
>> going through all of the rules files that I have at my disposal.
>>
>> In Phase 2, I want to save the value of a get query string parameter,
>> say "menu=700".
>>
>> So the rule might start off as:
>> SecRule ARGS_GET:menu ...
>>
>> and somehow I need to set a variable with the value 700.
>>
>> Then in Phase 4 I want to access the value and invoke a rule if a
>> match, otherwise bypass the rule
>> SecRule ??? "!@eq 700" "t:none,pass,skip:2"
>> SecRule RESPONSE_BODY "..." "phase:4:..."
>>
> [Ryan Barnett] There are a number of ways to approach these types of
> scenarios and I almost always come back to the whole "KISS" principle.
> While there are situations where you may need to use setvar or
> MATCH_VAR, in this case it seems to me that you could simply run 1 rule
> in phase:4. Keep in mind that the data available in the phases are
> CUMULATIVE. So, unless you want the option to block on the query string
> data, I would simply move your entire rule to phase 4 and evaluate what
> you need there.
>
> I would need more information about what you are attempting to
> accomplish in order to give a template rule. From your example above,
> if the menu value is 700, then you want to inspect the response body for
> some data?
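
The pattern discussed in this thread (store a query-string value in the TX collection in phase 2, then test it in phase 4), sketched as an added example that is not part of the original messages and is not the rule set either poster used. The rule ids, the numeric regex, the default value of 0 and the response-body pattern are assumptions chosen for illustration.

```apache
# Added illustration; ids, regex, default value and body pattern are placeholders.
SecRuleEngine On

# RESPONSE_BODY is only populated when response buffering is enabled.
SecResponseBodyAccess On

# Give tx.menu a default so the phase 4 test always has a target.
# Without it, a request with no "menu" parameter leaves TX:menu undefined,
# the "!@eq 700" rule has nothing to evaluate, never matches, never skips,
# and the RESPONSE_BODY rule would run for every such request.
SecAction "id:900000,phase:2,pass,nolog,setvar:tx.menu=0"

# Phase 2: accept only a short numeric value and store it.
# Writing uses a dot (setvar:tx.menu); reading uses a colon (TX:menu).
SecRule ARGS_GET:menu "^\d{1,5}$" \
    "id:900001,phase:2,t:none,pass,nolog,setvar:tx.menu=%{MATCHED_VAR}"

# Phase 4: TX variables persist for the whole transaction, across all
# included *.conf files. If menu is not 700, skip the next rule.
SecRule TX:menu "!@eq 700" \
    "id:900002,phase:4,t:none,pass,nolog,skip:1"

# Only reached when tx.menu is 700.
SecRule RESPONSE_BODY "@contains PLACEHOLDER_PATTERN" \
    "id:900003,phase:4,t:none,pass,log,msg:'Placeholder pattern seen in menu=700 response'"
```

The `id` action is required by ModSecurity 2.7 and later; on the 2.5-era releases current when this thread was written it can be omitted.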