ModSecurity2_Rule_Language.pdf

(240 KB) Pobierz

ModSecurity 2

Rule Language

Processing Phases



ModSecurity splits processing into 5 processing

phases:

Request Headers

Request Body

Response Headers

Response Body

Logging



This many phases allow you to decide what you

want to happen at key points of transaction

processing.

ModSecurity 2 Rule Language

2 / 30

Rule Syntax



The most used directive is

SecRule:

SecRule VARIABLES OPERATOR [ACTIONS]



This directive will:

1. Expand collection variables from the VARIABLES

section.

2. Apply the operator as specified in the OPERATOR

section to the expanded variables.

3. One rule will trigger once for a match in every

variable.

4. A match will either execute the per-rule actions, or

perform the default actions.

ModSecurity 2 Rule Language

3 / 30

Simple Rule



In the simplest case:

SecRule REQUEST_URI aaa



The above will look for the pattern

aaa

in the

variable REQUEST_URI.



The pattern is a regular expression.



A similar pattern can be written as:

SecRule REQUEST_URI b{3}



ModSecurity uses PCRE (http://www.pcre.org)

ModSecurity 2 Rule Language

4 / 30

Multiple Variables As Targets



There can be any number of variables in the

VARIABLES section (separated by pipes):

SecRule "REQUEST_URI|QUERY_STRING" \

ccc



Configuration directives can be split over several

lines (that’s an Apache feature) by terminating

the line with a backslash.



The whitespace at the beginning of next line will

become part of the directive.



If you need to have a whitespace use double

quotes to delimit parameter.

ModSecurity 2 Rule Language

5 / 30

Plik z chomika:

xterm

Inne pliki z tego folderu:

ModSecurity2_Rule_Language.pdf (240 KB)
Mod_Security.pdf (4252 KB)
ModSecurity2_Deployment.pdf (814 KB)
ModSecurity_Core_Rules.pdf (1031 KB)
ModSecurity_The_Open_Source_Web_Application_Firewall_Nov2007.pdf (556 KB)

ModSecurity2_Rule_Language.pdf

Plik z chomika:

Inne pliki z tego folderu:

Inne foldery tego chomika: