r1 - 02 Mar 2007 - 13:08:44 - ChristianFolini

An example rule for a single path

remo version 0.1.2

<LocationMatch "^/action/submit.php$">
  # Checking request method
  SecRule REQUEST_METHOD "!^POST$" "t:none,deny,id:2,status:501,severity:3,msg:'Request method wrong (it is not POST).'"

  # Strict headercheck (make sure the request contains only predefined request headers)
  SecRule REQUEST_HEADERS_NAMES "!^(Host|Referer|User-Agent|Accept|Accept-Language|Accept-Encoding|Accept-Charset|Keep-Alive|Connection|Cookie|If-Modified-Since|If-None-Match|Cache-Control|Via|X-Forwarded-For|From|Content-Length|Content-Type)$" "t:none,deny,id:2,status:501,severity:3,msg:'Strict headercheck: At least one request header is not predefined for this path.'"

  # Checking request header "Host"
  SecRule &REQUEST_HEADERS:Host "!@eq 0" "chain,t:none,deny,id:2,status:501,severity:3,msg:'Request header Host failed validity check.'"
  SecRule REQUEST_HEADERS:Host "!^(.*)$" "t:none"
  # Checking request header "Referer"
  
  ...

  # Strict argument check (make sure the request contains only predefined request arguments)
  SecRule ARGS_NAMES "!^(emailaddress|password)$" "t:none,deny,id:2,status:501,severity:3,msg:'Strict Argumentcheck: At least one request parameter is not predefined for this path.'"

  # Checking argument "emailaddress"
  SecRule &ARGS:emailaddress "@eq 0" "t:none,deny,id:2,status:501,severity:3,msg:'Argument emailaddress is mandatory, but it is not present in request.'"
  SecRule &ARGS:emailaddress "!@eq 0" "chain,t:none,deny,id:2,status:501,severity:3,msg:'Argument emailaddress failed validity check.'"
  SecRule ARGS:emailaddress "!^(.*)$" "t:none"
  # Checking argument "password"
  SecRule &ARGS:password "@eq 0" "t:none,deny,id:2,status:501,severity:3,msg:'Argument password is mandatory, but it is not present in request.'"
  SecRule &ARGS:password "!@eq 0" "chain,t:none,deny,id:2,status:501,severity:3,msg:'Argument password failed validity check.'"
  SecRule ARGS:password "!^(.*)$" "t:none"

  # All checks passed for this path. Request is allowed.
  SecAction "allow,id:2,t:none,msg:'Request passed all checks, it is thus allowed.'"
</LocationMatch>
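To make the decision logic of this positive security model concrete, the following Python script walks through the same checks in the same order as the rule block above (method, strict header whitelist, strict argument whitelist, mandatory-argument presence, chained value validation, closing allow) and reports which rule message would fire for a given request. It is an added illustration, not remo output or ModSecurity code. Two assumptions are labelled in the code: the sample requests are constructed, and the per-argument value patterns are tighter than the generated `^(.*)$`, which accepts any value, to show where a deployment would narrow the rule. Because the header rule applies `t:none` and no `t:lowercase`, its regex compares header names case-sensitively, and the script mirrors that.

```python
import re
from typing import Dict, List, Tuple

# Positive security model for "/action/submit.php", transcribed from the rule
# block above: anything not explicitly listed is denied.
ALLOWED_METHODS = {"POST"}

# Header names exactly as listed in the REQUEST_HEADERS_NAMES rule. The rule
# runs with t:none, so the comparison is case-sensitive, and so is this set.
ALLOWED_HEADER_NAMES = {
    "Host", "Referer", "User-Agent", "Accept", "Accept-Language",
    "Accept-Encoding", "Accept-Charset", "Keep-Alive", "Connection", "Cookie",
    "If-Modified-Since", "If-None-Match", "Cache-Control", "Via",
    "X-Forwarded-For", "From", "Content-Length", "Content-Type",
}

# Argument name -> (mandatory?, value pattern). The generated rules accept any
# value ("^(.*)$"); the tighter patterns here are assumptions added for this
# example to show where a real deployment would narrow the check.
ARG_POLICY: Dict[str, Tuple[bool, "re.Pattern[str]"]] = {
    "emailaddress": (True, re.compile(r"^[^@\s]+@[^@\s]+\.[A-Za-z]{2,}$")),
    "password":     (True, re.compile(r"^[^\r\n]{8,128}$")),
}


def evaluate(method: str, header_names: List[str],
             args: Dict[str, List[str]]) -> Tuple[str, str]:
    """Apply the checks in rule-file order.

    Returns ("deny", msg) for the first rule that would fire, or
    ("allow", msg) once the closing SecAction is reached.
    """
    # REQUEST_METHOD "!^POST$"
    if method not in ALLOWED_METHODS:
        return ("deny", "Request method wrong (it is not POST).")

    # REQUEST_HEADERS_NAMES whitelist (strict headercheck)
    for name in header_names:
        if name not in ALLOWED_HEADER_NAMES:
            return ("deny", "Strict headercheck: At least one request header "
                            f"is not predefined for this path ({name!r}).")

    # ARGS_NAMES whitelist (strict argument check)
    for name in args:
        if name not in ARG_POLICY:
            return ("deny", "Strict Argumentcheck: At least one request "
                            f"parameter is not predefined for this path ({name!r}).")

    # Per-argument rules: &ARGS:name "@eq 0" (mandatory) and the chained
    # validity check, which only runs when the argument is present. A
    # repeated parameter has several values; every one must match.
    for name, (mandatory, pattern) in ARG_POLICY.items():
        values = args.get(name, [])
        if mandatory and not values:
            return ("deny", f"Argument {name} is mandatory, but it is not present in request.")
        if any(pattern.match(v) is None for v in values):
            return ("deny", f"Argument {name} failed validity check.")

    # SecAction "allow"
    return ("allow", "Request passed all checks, it is thus allowed.")


# Constructed sample requests (not captured traffic): method, header names, args.
BROWSER_HEADERS = ["Host", "User-Agent", "Accept", "Content-Type", "Content-Length"]
GOOD_ARGS = {"emailaddress": ["alice@example.com"], "password": ["correct horse"]}
GOOD = ("POST", BROWSER_HEADERS, GOOD_ARGS)
GET_REQUEST = ("GET", BROWSER_HEADERS, GOOD_ARGS)
EXTRA_HEADER = ("POST", BROWSER_HEADERS + ["X-Debug"], GOOD_ARGS)
LOWERCASE_HOST = ("POST", ["host"] + BROWSER_HEADERS[1:], GOOD_ARGS)  # case matters
EXTRA_ARG = ("POST", BROWSER_HEADERS, {**GOOD_ARGS, "remember": ["1"]})
MISSING_PW = ("POST", BROWSER_HEADERS, {"emailaddress": ["alice@example.com"]})
BAD_EMAIL = ("POST", BROWSER_HEADERS, {"emailaddress": ["not-an-address"],
                                       "password": ["correct horse"]})

if __name__ == "__main__":
    samples = [("good", GOOD), ("get", GET_REQUEST), ("extra header", EXTRA_HEADER),
               ("lowercase host", LOWERCASE_HOST), ("extra arg", EXTRA_ARG),
               ("missing password", MISSING_PW), ("bad email", BAD_EMAIL)]
    for label, req in samples:
        print(f"{label:17s} -> {evaluate(*req)}")
```

Running the script shows that the order of the rules matters for what ends up in the audit log: a GET with an unknown header is reported as a method failure, never as a header failure, because the first denying rule terminates the chain. Note also that every rule in the block above carries `id:2`; ModSecurity 2.7 and later refuse to load duplicate rule ids, so each rule needs its own id before this block is deployed on a current engine.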
