except in mod_security2 rule
I want to make a mod_security2 rule which blocks "select" word in http packet but not "selected"
I've used the rule below but it doesn't act as I like Code:
SecRule REQUEST_URI|REQUEST_HEADERS_NAMES|REQUEST_HEADERS|REQUEST_COOKIES|REQUEST_COOKIES_NAMES|REQUEST_FILENAME|ARGS_NAMES|ARGS|XML "@pm |
Mod Security rule for negation
tincboy,
How about this: Code:
SecRule !ARGS selected |
Thanks agentbuzz
The rule you suggested didn't work |
What about following:
Code:
SecRule REQUEST_URI|REQUEST_HEADERS_NAMES|REQUEST_HEADERS|REQUEST_COOKIES|REQUEST_COOKIES_NAMES|REQUEST_FILENAME|ARGS_NAMES|ARGS|XML "@pm |
Thanks Valery,
Your sugested rule didn't work either, Do you know what's for that @pm in rule? |
Quote:
I think @pm specified node (or attribute) in XML where to look for the specified keyword. May be rule should looks like: Code:
SecRule REQUEST_URI|REQUEST_HEADERS_NAMES|REQUEST_HEADERS|REQUEST_COOKIES|REQUEST_COOKIES_NAMES|REQUEST_FILENAME|ARGS_NAMES|ARGS|XML "@pm" select[^e] or even just Code:
SecRule REQUEST_URI|REQUEST_HEADERS_NAMES|REQUEST_HEADERS|REQUEST_COOKIES|REQUEST_COOKIES_NAMES|REQUEST_FILENAME|ARGS_NAMES|ARGS|XML select[^e] |
@pm meaning
tincboy,
@pm is Pattern match! It's an alternative to the "rx" (regular expression) operator. |
Quote:
|
All times are GMT -5. The time now is 08:04 AM. |