ModSecurity and the experimental secrule-config Directive
807567 Feb 3 2010 — edited Feb 4 2010
Hi!
I am currently playing around with the unsupported secrule-config directive on sjsws 7.
It is very uplifting for us that this directive seems to be a supported element of the upcoming sjsws 7.1, as we need the powers of ModSecurity in our web server installations.
While playing with this directive I struggle to use the ARGS variable to validate the input of a named argument in an HTTP POST.
My basic secrule config is:
-----------------------------------------------------
SecRuleEngine On
SecRequestBodyAccess On
SecRequestBodyInMemoryLimit 10000
#Accept only GET and POST
SecDefaultAction deny,log,status:403,phase:1
SecRule REQUEST_METHOD "!^(?:GET|POST)$"
#Don't accept GET with body
SecRule REQUEST_METHOD "^(GET)$" chain
SecRule REQUEST_HEADERS:Content-Length "!^$"
SecRule ARGS "testing"
-----------------------------------------------------
I assumed the following POST would match the secrule:
-----------------------------------------------------
POST /test HTTP/1.1
Host: www.test.no
User-Agent: Mozilla/4.0
Content-Length: 15
Content-Type: application/x-www-form-urlencoded

testing=testing
-----------------------------------------------------
Has anyone played around with this directive and made the ARGS stuff work, because I believe I have to read the request body manually before hitting this directive?
Best Regards,
Steffen Fiksdal
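
An added example, not part of the original post and not taken from Sun's documentation: in ModSecurity 2.x a rule without an explicit phase inherits it from SecDefaultAction, so `SecRule ARGS "testing"` in the configuration above is evaluated in phase 1, before the request body has been parsed. The variant below keeps the header checks in phase 1 and moves the body check to phase 2; that the sjsws secrule-config directive follows the same phase semantics is an assumption.

```apache
# Added example in ModSecurity 2.x rule syntax (the syntax used in the post).
# Assumption: secrule-config on sjsws honours the same processing phases.
SecRuleEngine On
SecRequestBodyAccess On
SecRequestBodyInMemoryLimit 10000

# Header-only checks run in phase 1 (request headers).
SecDefaultAction "deny,log,status:403,phase:1"

# Accept only GET and POST
SecRule REQUEST_METHOD "!^(?:GET|POST)$"

# Don't accept GET with body
SecRule REQUEST_METHOD "^(GET)$" chain
SecRule REQUEST_HEADERS:Content-Length "!^$"

# In phase 1, ARGS holds query-string parameters only. Parameters from an
# application/x-www-form-urlencoded body (testing=testing in the sample POST)
# are available from phase 2 (request body), so the rule names that phase
# and carries its own full action list instead of relying on the default.
SecRule ARGS "testing" "phase:2,deny,log,status:403"

# Narrower form for validating one named argument: ARGS:<name> selects
# only the parameter called "testing". Either rule alone is sufficient.
SecRule ARGS:testing "testing" "phase:2,deny,log,status:403"
```

With these rules, a match on the sample POST would show up in phase 2 as a 403 and a log entry, while the same parameter sent as `/test?testing=testing` would already be visible to a phase 1 ARGS rule.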