The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

mod security making trouble with a word

Discussion in 'Security' started by bsasninja, Mar 6, 2007.

  1. bsasninja

    bsasninja Well-Known Member

    Joined:
    Sep 2, 2004
    Messages:
    528
    Likes Received:
    0
    Trophy Points:
    16
    I have a rule that restricts "echo" command in mod_security. But this one is blocking also a valid word in spanish called "hecho"

    I have this on my modsec.user.conf

    SecFilterSelective THE_REQUEST "echo"

    but if I write hecho instead of echo in the browser address bar is blocked too, is there a way to whitelist the "hecho" word.

    Examples:

    http://www.mysite.com/page.php?echo -> gives a 406 not acceptable
    http://www.mysite.com/page.php?hecho -> gives a 406 not acceptable

    Thanks
     
  2. mctDarren

    mctDarren Well-Known Member

    Joined:
    Jan 6, 2004
    Messages:
    664
    Likes Received:
    2
    Trophy Points:
    18
    Location:
    New Jersey
    cPanel Access Level:
    Root Administrator
    ModSec rules are regular expressions. Use that to your advantage. Change to this and it should ignore the rule unless "echo" is that the start of the line:

    SecFilterSelective THE_REQUEST "^echo"

    That will match "echo" but not "hecho". It will also match echoing, echoed, echoanything, etc. "echo" has to be at the start of the line. If you wanted the expression to match the end if the string you would put a "$" after it:

    SecFilterSelective THE_REQUEST "echo$"

    That rule would match hecho, blecho, supercalifragiecho, etc. :)

    Read up on regular expressions. They make life (and rules) a whole lot easier!
     
Loading...

Share This Page