Detecting Request that uses invalid Encoding using Modsecurity

Posted by Ali Ahmad on Server Fault See other posts from Server Fault or by Ali Ahmad
Published on 2013-06-26T09:12:36Z Indexed on 2013/06/26 10:22 UTC
Read the original article Hit count: 401

I am trying write a virtual patch using modsecurity for my hosted web application using following rule i.e.

<Location /index.php>
SecDefaultAction phase:2,t:none,log,deny
# Validate parameter names
SecRule ARGS_NAMES "!^(articleid)$" \
"msg:'Unknown parameter: %{MATCHED_VAR_NAME}'"
# Expecting articleid only once
SecRule &ARGS:articleid "!@eq 1" \
"msg:'Parameter articleid seen more than once'"
# Validate parameter articleid
SecRule ARGS:articleid "!^[0-9]{1,10}$" \
"msg:'Invalid parameter articleid'"
</Location>

The problem is how can i reject requests that use invalid encoding as a global WAF configuration so that this patch cannot be circumvented.

© Server Fault or respective owner

Related posts about mod-security

Related posts about web-applications