Keep Server Online
If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.
or
A donation makes a contribution towards the costs, the time and effort that's going in this site and building.
Thank You! Steffen
Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
| |
|
Topic: ModSecurity2 - HTTP_Referer |
|
Author |
|
erict
Joined: 22 Jan 2006 Posts: 11 Location: UK
|
Posted: Thu 26 Apr '07 19:28 Post subject: ModSecurity2 - HTTP_Referer |
|
|
Hi. I need to block access to a suggest links page where the referer is blank or is not from my domain. This worked in ModSecurity 1 and Apache 2.0.55:
SecFilterSignatureAction "deny,log,msg:'Suggest link spam/scraping',status:403"
SecFilterSelective HTTP_REFERER "!.*my\.domain\.org.*" chain
SecFilterSelective REQUEST_URI ".*/zzz/suggest_link.php.*"
But this doesn't in ModSecurity 2.1.0 with Apache 2.2.4:
SecDefaultAction "log,deny,status:403,phase:2,t:lowercase"
SecRule HTTP_Referer "!.*my\.domain\.org.*" "chain,msg:'Suggest link spam/scraping'"
SecRule REQUEST_URI ".*/zzz/suggest_link\.php.*"
This bit works on its own:
SecRule REQUEST_URI ".*/zzz/suggest_link\.php.*"
But this doesn't work:
SecRule HTTP_Referer "!.*sarmouni\.dyndns\.org.*"
nor using HTTP_HEADERS:Referer
Nor does this:
SecRule HTTP_Referer "^$"
Any ideas most welcome,
EricT.
Last edited by erict on Fri 27 Apr '07 19:38; edited 1 time in total |
|
Back to top |
|
erict
Joined: 22 Jan 2006 Posts: 11 Location: UK
|
Posted: Thu 26 Apr '07 20:06 Post subject: Re: ModSecurity2 - HTTP_Referer |
|
|
Taking the ! rule negation in the HTTP_Referer line works (though it's not what I need).
EricT. |
|
Back to top |
|
erict
Joined: 22 Jan 2006 Posts: 11 Location: UK
|
|
Back to top |
|
|
|
|
|
|