: Regex isn't honored in mod_security2 SecRule REQUEST_URI "^/(|(.*)/)(lpt1|lpt2|lpt3|lpt4)(/|.|?|$)" "t:none,t:htmlEntityDecode,t:lowercase,t:removeWhitespace,block,msg:'X',id:'1000'" SecRule REQUEST_URI "^(.*)//(.*)$"
SecRule REQUEST_URI "^/(|(.*)/)(lpt1|lpt2|lpt3|lpt4)(/|.|?|$)" "t:none,t:htmlEntityDecode,t:lowercase,t:removeWhitespace,block,msg:'X',id:'1000'"
SecRule REQUEST_URI "^(.*)//(.*)$" "t:none,t:removeWhitespace,block,msg:'X',id:'1001'"
These 2 things won't work as expected. Other rules are working fine.
I want to block something like: hxxp:||my.domain.com
// (too many slash, NOT blocked)
/////////// (too many slash, NOT blocked)
/lpt1 (Apache returns 403, NOT from modsec. Error log: "Forbidden: (web-dir)/lpt1 doesn't point to a file or directory")
/lpt1/blah (Apache returns 403, NOT from modsec. "doesn't point to a file or directory")
/somedir/lpt4.txt (Same as above)
/somedir/lpt4 (Same as above)
/somedir/////// (* SUCCESSFULLY blocked)
I believe these regular expressions are OK, so I really want to know why mod_security2 won't block these requests.
I want to block using mod_sec2, not Apache.
Windows Test Web server | mod_sec2 | Apache 2.4
More posts by @Heady270
Terms of Use Create Support ticket Your support tickets Stock Market News! © vmapp.org2024 All Rights reserved.