开发者

modsecurity: SecRule REQUEST_METHOD "!^OPTIONS$" "t:none"

Modsecurity question...

What is the REQUEST_METHOD test doing in the following? It appears twice.

SecRule REQUEST_METHOD "!^OPTIONS$" "t:none"


SecRule &REQUEST_HEADERS:Accept "@eq 0" \
    "chain,phase:2,skip:1,t:none,deny,log,auditlog,status:400,msg:'Request Missing an Accept Header', severity:'2',id:'960015',tag:'PROTOCOL_VIOLATION/MISSING_HEADER'"
SecRule REQUEST_METHOD "!^OPTIONS$" "t:none"
SecRule REQUEST_HEADERS:Accept "^$" \
    "chain,phase:2,t:none,deny,log,auditlog,status:400,msg:'Request Missing an Accept Header', severity:'2',id:'960015',tag:'PROTOCOL_VIOLATION/MISSING_HEADER开发者_如何学C'"
SecRule REQUEST_METHOD "!^OPTIONS$" "t:none"
SecRule &REQUEST_HEADERS:User-Agent "@eq 0" \
    "skip:1,phase:2,t:none,deny,log,auditlog,status:400,msg:'Request Missing a User Agent Header',id:'960009',tag:'PROTOCOL_VIOLATION/MISSING_HEADER',severity:'4'"
SecRule REQUEST_HEADERS:User-Agent "^$" \
    "t:none,deny,log,auditlog,status:400,msg:'Request Missing a User Agent Header',id:'960009',tag:'PROTOCOL_VIOLATION/MISSING_HEADER',severity:'4'"
SecMarker 969999

Please, don't explain the whole thing, I can read everything else. It looks like the REQUEST_METHOD test, however, is some sort of voodoo...

BTW, the test of the Accept is wrong. The Accept option is not mandatory as per HTTP.


Although the Rule SecRule REQUEST_METHOD "!^OPTIONS$" "t:none" appeared twice but each time it is chained with another rule.

Chain is an action in ModSecurity that combine two or more Rules to form a single Rule.

1st rule is now:

SecRule &REQUEST_HEADERS:Accept "@eq 0" \
   "chain,phase:2,skip:1,t:none,deny,log,auditlog,status:400,msg:'Request Missing an Accept Header', severity:'2',id:'960015',tag:'PROTOCOL_VIOLATION/MISSING_HEADER'"
SecRule REQUEST_METHOD "!^OPTIONS$" "t:none"

2nd rule is now:

SecRule REQUEST_HEADERS:Accept "^$" \
    "chain,phase:2,t:none,deny,log,auditlog,status:400,msg:'Request Missing an Accept Header', severity:'2',id:'960015',tag:'PROTOCOL_VIOLATION/MISSING_HEADER'"
SecRule REQUEST_METHOD "!^OPTIONS$" "t:none"
0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜