Detecting Requests that use invalid Encoding using ModSecurity
Posted by Ali Ahmad on Server Fault
Published on 2013-06-26T09:12:36Z
I am trying to write a virtual patch using ModSecurity for my hosted web application, using the following rules:
<Location /index.php>
    SecDefaultAction phase:2,t:none,log,deny

    # Validate parameter names
    SecRule ARGS_NAMES "!^(articleid)$" \
        "msg:'Unknown parameter: %{MATCHED_VAR_NAME}'"

    # Expecting articleid only once
    SecRule &ARGS:articleid "!@eq 1" \
        "msg:'Parameter articleid seen more than once'"

    # Validate parameter articleid
    SecRule ARGS:articleid "!^[0-9]{1,10}$" \
        "msg:'Invalid parameter articleid'"
</Location>
The problem is: how can I reject requests that use invalid encoding, as a global WAF configuration, so that this patch cannot be circumvented?
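
One way to express the global check asked about above, as an added example that is not part of the original post: ModSecurity's @validateUrlEncoding and @validateUtf8Encoding operators, applied at server level outside the <Location> block. The rule ids, messages and status codes are constructed placeholders, and rule 4 assumes the application expects UTF-8 input.

```apache
# Added example: global scope (main server config or VirtualHost), not inside
# <Location>. Rule ids 100001-100004 are constructed placeholders; pick ids
# from your own local range.

# Buffer and parse request bodies so that the body checks below can run.
SecRequestBodyAccess On

# 1. Raw request URI: reject malformed percent-encoding such as "%zz" or a
#    trailing "%". REQUEST_URI_RAW is the URI as sent, before any decoding.
SecRule REQUEST_URI_RAW "@validateUrlEncoding" \
    "id:100001,phase:1,t:none,log,deny,status:400,\
    msg:'Invalid URL encoding in request URI'"

# 2. Form submissions: apply the same check to the raw urlencoded body.
SecRule REQUEST_HEADERS:Content-Type "@beginsWith application/x-www-form-urlencoded" \
    "id:100002,phase:2,t:none,t:lowercase,log,deny,status:400,chain,\
    msg:'Invalid URL encoding in request body'"
    SecRule REQUEST_BODY "@validateUrlEncoding" "t:none"

# 3. Reject bodies that the request body processor could not parse at all.
SecRule REQBODY_ERROR "!@eq 0" \
    "id:100003,phase:2,t:none,log,deny,status:400,\
    msg:'Failed to parse request body',logdata:'%{REQBODY_ERROR_MSG}'"

# 4. Decoded parameter names and values must be well-formed UTF-8
#    (assumption: the application is UTF-8; drop this rule otherwise).
SecRule ARGS|ARGS_NAMES "@validateUtf8Encoding" \
    "id:100004,phase:2,t:none,log,deny,status:400,\
    msg:'Invalid UTF-8 encoding in %{MATCHED_VAR_NAME}'"
```

The URL-encoding checks target the raw URI and body rather than ARGS, because ARGS values are already URL-decoded by the time rules see them and a legitimate literal "%" there would otherwise be flagged.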