On Sat, Jan 14, 2012 at 2:10 AM, Jonathan McGraw <supp...@jsmcgraw.com> wrote:
>>to exclude files ending with .gif, but I probably got these calls wrong
>>as regexp isn't my strong side if I say so. Not even sure if I could use
>>a regexp there to exclude files with certain extensions? Personally I
>>would like to exclude .gif, .png and .jpg as they basically are the only
>>ones used for web sites and I can't see any way how requesting an image
>>file could cause any harm?

Hi Jonathan and Joakim,

There are a few ways to do this. You can use the Apache LocationMatch
or FilesMatch directive like so:

<FilesMatch "\.(gif|jpe?g|png)$">
  SecRuleRemoveById 123456
</FilesMatch>

The ModSecurity colon operator also allows you to use regular
expressions to specify the name to use. For example you can search all
arguments that start with the string 'foo' via ARGS:/^foo/. Having
said that, not all collections support parameters; REQUEST_FILENAME is
one example where parameters are not supported. While that makes sense
when using the SecRule directive, it appears to be a useful (missing)
feature when used with SecRuleUpdateTargetById.

--
 - Josh
_______________________________________________
Owasp-modsecurity-core-rule-set mailing list
Owasp-modsecurity-core-rule-set@lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
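
The exclusion options discussed in the message above, side by side, as an added example that is not part of the original e-mail or of the Core Rule Set. Rule id 123456 is the one used in the reply; id 900001 and the /images/ path are constructed placeholders. Pick one of the three forms rather than deploying all of them.

```apache
# Added example. 123456 is the rule id from the reply above; 900001 and the
# /images/ path are constructed placeholders for illustration.

# 1) File-based scope (the form shown in the reply). FilesMatch is tested
#    against the name of the file Apache mapped the request to, so the
#    exclusion only applies when the file actually served has an image
#    extension.
<FilesMatch "\.(gif|jpe?g|png)$">
  SecRuleRemoveById 123456
</FilesMatch>

# 2) URL-based scope. LocationMatch is tested against the URL path, so an
#    unanchored pattern applies to every URL that ends in an image
#    extension, whatever ends up handling the request. Anchoring it to the
#    directory that holds the static images keeps the exclusion narrow.
<LocationMatch "^/images/.+\.(gif|jpe?g|png)$">
  SecRuleRemoveById 123456
</LocationMatch>

# 3) Runtime exclusion inside ModSecurity. REQUEST_FILENAME is used as a
#    whole (no :parameter) and the regular expression goes in the operator.
#    ctl:ruleRemoveById affects only the current transaction, and this rule
#    has to be evaluated before rule 123456, so load it ahead of the rule
#    set. REQUEST_FILENAME is URL-based, so the anchoring from 2) applies.
SecRule REQUEST_FILENAME "@rx ^/images/.+\.(?:gif|jpe?g|png)$" \
    "id:900001,phase:1,t:none,t:lowercase,pass,nolog,ctl:ruleRemoveById=123456"
```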
