ModSecurity2 Rule Language, it, security, mod security
[ Pobierz całość w formacie PDF ]
//-->ModSecurity 2Rule LanguageProcessing PhasesModSecurity splits processing into 5 processingphases:1.2.3.4.5.Request HeadersRequest BodyResponse HeadersResponse BodyLoggingThis many phases allow you to decide what youwant to happen at key points of transactionprocessing.ModSecurity 2 Rule Language2 / 30Rule SyntaxThe most used directive isSecRule:SecRule VARIABLES OPERATOR [ACTIONS]This directive will:1. Expand collection variables from the VARIABLESsection.2. Apply the operator as specified in the OPERATORsection to the expanded variables.3. One rule will trigger once for a match in everyvariable.4. A match will either execute the per-rule actions, orperform the default actions.ModSecurity 2 Rule Language3 / 30Simple RuleIn the simplest case:SecRule REQUEST_URI aaaThe above will look for the patternaaain thevariable REQUEST_URI.The pattern is a regular expression.A similar pattern can be written as:SecRule REQUEST_URI b{3}ModSecurity 2 Rule Language4 / 30Multiple Variables As TargetsThere can be any number of variables in theVARIABLES section (separated by pipes):SecRule "REQUEST_URI|QUERY_STRING" \cccConfiguration directives can be split over severallines (that’s an Apache feature) by terminatingthe line with a backslash.The whitespace at the beginning of next line willbecome part of the directive.If you need to have a whitespace use doublequotes to delimit parameter.ModSecurity 2 Rule Language5 / 30
[ Pobierz całość w formacie PDF ]