[Owasp-modsecurity-core-rule-set] few questions in regards to rules
Tzury Bar Yochay
tzury.by at reguluslabs.com
Tue Dec 6 21:31:30 EST 2011
While going through rule files i have gathered few questions which I
will appreciate if someone can help me with them.
1) I have seen several cases where setvar is stated without the right
SecRule TX:'/MISSING_HEADER_/' "TX\:(.*)"
I wonder what it means, as normally, set is in the form of x = y,
and not x, or !x in this case.
2) There seems to be a typo at line:
SecRule REQUEST_LINE "^GET /$"
There is a trailing apostrophe (') after the id
3) Few days ago I asked the following question but yet not got answer for
When I see a rule such as
SecRule ARGS:&category "(?i:SELECT.+FROM)" "ctl:auditLogParts=+..."
I wonder what is the role of the ampersand, before the category, so
far I know, '&' means counting operatoration and usually, it follows
by a numeric operation, e.g. @eq, @ge and alike.
However, this is a case where I see & which followed by an implicit '@rx'
Thanks in advance for your help,
More information about the Owasp-modsecurity-core-rule-set