Detecting Request that uses invalid Encoding using Modsecurity
- by Ali Ahmad
I am trying write a virtual patch using modsecurity for my hosted web application using following rule i.e.
<Location /index.php>
SecDefaultAction phase:2,t:none,log,deny
# Validate parameter names
SecRule ARGS_NAMES "!^(articleid)$" \
"msg:'Unknown parameter: %{MATCHED_VAR_NAME}'"
# Expecting articleid only once
SecRule &ARGS:articleid…