r1 - 01 Mar 2007 - 13:21:48 - ChristianFolini

Task45Start - POST parameters in the ruleset

See TasksExplained for more information about tasks. This task is based on the template at TaskTemplateStart.

Status : closed
Category : gui
Date opened : 2007-02-26
Description : POST parameters in the ruleset
Referenced in stories/tasks : WebStatistics Story13Start
Testsuite : 159
Committed revision : rules_generator_test.rb

Remarks :


Changelog

2007-03-01 - done

I am using the following rule (example):

  # Strict argument check (make sure the request contains only predefined request arguments)
  SecRule ARGS_NAMES "!^(emailaddress|password)$" "t:none,deny,id:2,status:501,severity:3,msg:'Strict Argumentcheck: At least one request parameter is not predefined for this path.'"

  # Checking argument "emailaddress"
  SecRule &ARGS:emailaddress "@eq 0" "t:none,deny,id:2,status:501,severity:3,msg:'Argument emailaddress is mandatory, but it is not present in request.'"
  SecRule &ARGS:emailaddress "!@eq 0" "chain,t:none,deny,id:2,status:501,severity:3,msg:'Argument emailaddress failed validity check.'"
  SecRule ARGS:emailaddress "!^(.*)$" "t:none"

  # Checking argument "password"
  SecRule &ARGS:password "@eq 0" "t:none,deny,id:2,status:501,severity:3,msg:'Argument password is mandatory, but it is not present in request.'"
  SecRule &ARGS:password "!@eq 0" "chain,t:none,deny,id:2,status:501,severity:3,msg:'Argument password failed validity check.'"
  SecRule ARGS:password "!^(.*)$" "t:none"

This makes the parameters mandatory.
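
What the three kinds of rule above decide for a given POST body, as an added Ruby example (not code from this task or from the project's rules generator). The function name `check_post`, the policy hash, the stricter e-mail pattern and the sample bodies are assumptions made for the illustration.

```ruby
require "uri"

# Returns the msg of the first rule that would deny the request, or nil if
# it passes. policy maps each allowed parameter name to a validity pattern.
def check_post(body, policy)
  args = URI.decode_www_form(body) # [[name, value], ...], duplicates kept
  names = args.map(&:first)

  # Rule 1: ARGS_NAMES "!^(a|b)$" fires when any name is outside the list.
  unless names.all? { |n| policy.key?(n) }
    return "Strict Argumentcheck: At least one request parameter is not predefined for this path."
  end

  policy.each do |name, pattern|
    values = args.select { |n, _| n == name }.map(&:last)
    # Rule 2: &ARGS:name "@eq 0" fires when the parameter is absent.
    return "Argument #{name} is mandatory, but it is not present in request." if values.empty?
    # Rule 3 (chain): parameter is present and some value fails the pattern.
    unless values.all? { |v| pattern.match?(v) }
      return "Argument #{name} failed validity check."
    end
  end
  nil
end

# Constructed policy: the page uses ".*" for both arguments; the e-mail
# pattern here is a hypothetical stricter one so the validity rule can fire.
POLICY = {
  "emailaddress" => /\A[^@\s]+@[^@\s]+\z/,
  "password"     => /\A.*\z/m,
}.freeze

# Constructed sample request bodies (URL-encoded POST parameters).
SAMPLES = [
  "emailaddress=a%40example.com&password=secret",
  "emailaddress=a%40example.com&password=secret&admin=1",
  "emailaddress=a%40example.com",
  "emailaddress=not-an-address&password=secret",
].freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLES.each { |b| puts "#{b} => #{check_post(b, POLICY) || 'pass'}" }
end
```
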

Main.TaskTemplateStart moved from Main.TaskTemplate on 19 Jan 2007 - 12:41 by ChristianFolini
 
