Hi,

Within the SLR rules I have come across several Joomla rules which all share a similar syntax that looks like a query string, e.g.

SecRule REQUEST_LINE "@contains /index.php" "chain,phase:2..."
SecRule ARGS:option=com_joomlub&controller=auction&view=auction&task=edit&aid "(?i:UNION.+SELECT)" "ctl:auditLog..."

In regard to the second part (chained), I wonder if this means:

Check if, within ARGS, option=comjoomla and controller=auction and view=auction and task=edit, and also do @rx matching for ARGS:aid and "(?i:UNION.+SELECT)".

Did I get the meaning of this rule right?
