While going through rule files i have gathered few questions which I
will appreciate if someone can help me with them.
1) I have seen several cases where setvar is stated without the right
part, e.g.
SecRule TX:'/MISSING_HEADER_/' "TX\:(.*)"
"capture,t:none,setvar:!tx.%{tx.1}"
I wonder what it means, as normally, set is in the form of x = y,
and not x, or !x in this case.
2) There seems to be a typo at line:
SecRule REQUEST_LINE "^GET /$"
"chain,phase:2,id:981020',t:none,pass,nolog"
There is a trailing apostrophe (') after the id
3) Few days ago I asked the following question but yet not got answer for
When I see a rule such as
SecRule ARGS:&category "(?i:SELECT.+FROM)" "ctl:auditLogParts=+..."
I wonder what is the role of the ampersand, before the category, so
far I know, '&' means counting operatoration and usually, it follows
by a numeric operation, e.g. @eq, @ge and alike.
However, this is a case where I see & which followed by an implicit '@rx'
Thanks in advance for your help,
Tzury
_______________________________________________
Owasp-modsecurity-core-rule-set mailing list
[email protected]
https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
