Modsecurity CRS how to deal with field arrays

Çağlar Arlı - 12 Views

Modsecurity CRS how to deal with field arrays

I have a question how to deal with whitelisting field arrays in modsecurity. Currently am doing the following:

... ctl:ruleRemoveTargetById=942510;ARGS:_owc_pdc_faq_group[0][pdc_faq_answer]"
... ctl:ruleRemoveTargetById=942510;ARGS:_owc_pdc_faq_group[1][pdc_faq_answer]"
... ctl:ruleRemoveTargetById=942510;ARGS:_owc_pdc_faq_group[2][pdc_faq_answer]"
... ctl:ruleRemoveTargetById=942510;ARGS:_owc_pdc_faq_group[3][pdc_faq_answer]"

Now for WP there is a limited amount of items. But another application has near unlimited fields. As far as I have found there is no way to use regex for the target parameter. I also don't believe it's possible to cut the field parameter short as there is no wildcard at the end of the field.

This wont work for the examples above:

... ctl:ruleRemoveTargetById=942510;ARGS:_owc_pdc_faq_group"
... ctl:ruleRemoveTargetById=942510;ARGS:_owc_pdc_faq_group*"

I don't want to drop the field parameter if I don't have to. I would love to hear any suggestions you may have.

P	S	Ç	P	C	C	P
1	2	3	4	5	6	7
8	9	10	11	12	13	14
15	16	17	18	19	20	21
22	23	24	25	26	27	28

Annanowa

Modsecurity CRS how to deal with field arrays

Modsecurity CRS how to deal with field arrays

Son Yazılar

Son Yorumlar