2 Jul 05:24
the @pm operator in modsecurity_crs_40_generic_attacks.conf
From: Stephen Craig Evans <stephencraig.evans <at> gmail.com>
Subject: the @pm operator in modsecurity_crs_40_generic_attacks.conf
Newsgroups: gmane.comp.apache.mod-security.user
Date: 2008-07-02 03:24:59 GMT
Hi,

Is there any way to get the @pm operator to match only whole words? I am using the Command Injection rule in modsecurity_crs_40_generic_attacks.conf and it seems there should be a better way.

    SecRule ARGS "@pm ping id rm ..." "t:htmlEntityDecode,t:lowercase..."

matches:

    Content-Type: application/x-www-form-urlencoded

    Name=Sid
    Destination=shipping

Or am I doing something wrong? The reference manual (modsecurity2-apache-reference.pdf) infers that it's a word match.

TIA (Thanks In Advance),
Stephen
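The behaviour reported in the post, as an added example that is not part of the original message or of ModSecurity itself: it models @pm as case-insensitive substring matching, which reproduces the reported hits on "Sid" and "shipping", and compares it with a word-boundary regex over the same phrases. The function names and the third sample value are constructed for illustration.

```python
import re

# Phrases from the rule quoted in the post (the rest of its list is elided there).
PHRASES = ["ping", "id", "rm"]

# Constructed sample: the form body from the post as parameter name -> value.
ARGS = {"Name": "Sid", "Destination": "shipping"}


def transform(value):
    """Stand-in for t:lowercase (t:htmlEntityDecode changes nothing in this sample)."""
    return value.lower()


def pm_hits(value, phrases=PHRASES):
    """Substring semantics: a phrase hits anywhere, even inside a longer word."""
    v = transform(value)
    return [p for p in phrases if p in v]


def whole_word_hits(value, phrases=PHRASES):
    """Same phrases, but only as standalone tokens (regex word boundaries)."""
    v = transform(value)
    pattern = re.compile(r"\b(?:" + "|".join(map(re.escape, phrases)) + r")\b")
    return pattern.findall(v)


def evaluate(args):
    """Per-argument result of both matching strategies."""
    return {
        name: {"pm": pm_hits(val), "word": whole_word_hits(val)}
        for name, val in args.items()
    }


if __name__ == "__main__":
    for name, result in evaluate(ARGS).items():
        print(name, result)
    # Constructed value where the keyword is a separate token: both strategies hit.
    print(evaluate({"host": "localhost; id"}))
```

The substring pass flags "id" inside "Sid" and "ping" inside "shipping"; the word-boundary pass flags neither, but still catches the keyword when it stands alone.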