How I'd do it:
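# Allow the request only when it carries exactly one argument and that
# argument is a reqID of 1 to 10 digits in the query string.
SecRule SCRIPT_BASENAME "^exportsubscribers\.php$" "allow,chain"
SecRule &ARGS ^1$ chain
SecRule ARGS_GET:reqID "^\d{1,10}$"
# Any other request to exportsubscribers.php is logged and rejected with a 400.
SecRule SCRIPT_BASENAME "^exportsubscribers\.php$" "log,deny,auditlog,status:400,msg:'Whitelist entry not found for %{SCRIPT_BASENAME}'"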
Which gives:
[Tue Mar 12 13:49:15 2013] [error] [client 192.168.1.2] ModSecurity: Access denied with code 400 (phase 2). Pattern match "^exportsubscribers\\.php$" at SCRIPT_BASENAME. [file "/etc/apache2/conf.d/modsec.conf"] [line "19"] [msg "Whitelist entry not found for exportsubscribers.php"] [hostname "waftest.hackme"] [uri "/exportsubscribers.php"] [unique_id "UT9qm38AAQEAAAYCDcYAAAAB"]
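The decision logic of the two rules above, modelled in Python so the whitelist can be checked against edge cases before it is deployed. This is an added example, not part of the original post and not ModSecurity code. It assumes SCRIPT_BASENAME is the last path segment and that arguments are plain urlencoded pairs; `evaluate` and the sample requests are constructed for illustration.

```python
import re
from posixpath import basename
from urllib.parse import parse_qsl

SCRIPT_RE = re.compile(r"^exportsubscribers\.php$")
# re.ASCII keeps \d to 0-9, as in PCRE without UTF mode
REQID_RE = re.compile(r"^\d{1,10}$", re.ASCII)


def evaluate(path, query="", body=""):
    """Return 'allow', 'deny' or 'not-covered' for one request."""
    script = basename(path)  # assumption: stands in for SCRIPT_BASENAME
    if not SCRIPT_RE.search(script):
        return "not-covered"  # neither rule fires for other scripts
    get_args = parse_qsl(query, keep_blank_values=True)
    post_args = parse_qsl(body, keep_blank_values=True)
    # Chain link 2: &ARGS counts every argument, query string and body alike
    if len(get_args) + len(post_args) == 1:
        # Chain link 3: ARGS_GET:reqID only looks at the query string
        values = [v for k, v in get_args if k == "reqID"]
        if values and REQID_RE.search(values[0]):
            return "allow"
    # The chain did not match, so the second rule denies with status 400
    return "deny"


# Constructed sample requests: (path, query string, urlencoded body)
SAMPLES = [
    ("/exportsubscribers.php", "reqID=42", ""),          # the one allowed shape
    ("/exportsubscribers.php", "", ""),                  # the request in the log
    ("/exportsubscribers.php", "reqID=42&debug=1", ""),  # extra argument
    ("/exportsubscribers.php", "reqID=12345678901", ""), # 11 digits
    ("/exportsubscribers.php", "reqID=abc", ""),         # not numeric
    ("/exportsubscribers.php", "", "reqID=42"),          # reqID in the body
    ("/exportsubscribers.php", "reqID=42", "x=1"),       # body adds an argument
    ("/exportsubscribers.php", "reqID=%D9%A4%D9%A2", ""),# non-ASCII digits
    ("/index.php", "anything=1", ""),                    # other script
]

if __name__ == "__main__":
    for path, query, body in SAMPLES:
        print(f"{evaluate(path, query, body):12} {path}?{query} body={body!r}")
```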