[Owasp-training] SecRule

Gokan Atmaca linux.gokan at gmail.com
Fri Apr 24 12:58:32 UTC 2015


I want to block incoming URL request as follows. But it does not work.
What could be the reason?

Example
www.site.com/app//select-iX?request_id=(.*)&selected_ixxx[]=(.*)request_id=(.*)&selected_X%5B%5D=(.*)&selected_xxxx%212aB1000D=(.*)


Rule
SecRule REQUEST_URI|ARGS|REQUEST_BODY
"/select-iX?request_id=(.*)&selected_ixxx[]=(.*)request_id=(.*)&selected_X%5B%5D=(.*)&selected_xxxx%212aB1000D=(.*)"
"phase:1,log,drop,msg:'block'"


More information about the Owasp-training mailing list