Mod Security Rule Question

[Nhojohl]

I'm currently using a custom set of mod security rules that works beautifully, however, one of the rules I added:

Code:

SecRule REQUEST_URI|ARGS "\.txt"

Blocks any attempt to visit any url on the server with .txt in the request uri, it works how I want it to to prevent any remote injection like ht tp://trimedia-online.net/ihmank/id.txt (no thats not my site, it was an attempt that was blocked). However, it blocks bots from reading robots.txt.

Is there any way I can have it block any url with .txt in the REQUEST_URI with the exception of robots.txt? I'm sure there is, I'm just not any good with regex :/

Thanks
- John

[javitox]

hello


Why you block .txt only files ??? RFI attacks could be in any type lie .jpg , .pl etc etc.

In my server I have this rule:


SecFilterSelective THE_REQUEST "=http://"


it block any remote file inclusion =) , because all url lika blah.com/id.php?root_path=http://


will be blocked.

good luck , bye

[Nhojohl]

It's so damn obvious I can't believe I didn't think of it.... Thanks

EDIT: Used the following rules for anyone else who may want to do this with mod_security2

Code:

SecRule REQUEST_URI|ARGS "=http://"
SecRule REQUEST_URI|ARGS "=https://"
SecRule REQUEST_URI|ARGS "=ftp://"