[Owasp-modsecurity-core-rule-set] RESPONSE_CONTENT_LENGTH and RESPONSE_HEADERS:Content-Length not work

dreamice dreamice.jiang at gmail.com
Thu Mar 17 01:37:30 EDT 2011


Dear all,

I tested the var RESPONSE_CONTENT_LENGTH and RESPONSE_HEADERS:Content-Length
in phase 3, but it seems that they do not work well.
rules like:
SecRule REQUEST_HEADERS:Content-Length "@gt 150"
"phase:1,t:none,deny,log,auditlog'"
SecRule RESPONSE_HEADERS:Content-Length "@gt 150"
"phase:3,t:none,pass,log,auditlog"

the response content length is  more than 150 bytes, but the rule get no
effects.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-modsecurity-core-rule-set/attachments/20110317/f44e738b/attachment.html 


More information about the Owasp-modsecurity-core-rule-set mailing list