mod-security2

问题 In modsecurity default-script: base_rules/modsecurity_crs_20_protocol_violations.conf there is a rule, 960011: SecRule REQUEST_METHOD "^(?:GET|HEAD)$" \ "msg:'GET or HEAD Request with Body Content.',\ severity:'2',\ id:'960011',\ ver:'OWASP_CRS/2.2.9',\ rev:'1',\ maturity:'9',\ accuracy:'9',\ phase:1,\ block,\ logdata:'%{matched_var}',\ t:none,\ tag:'OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ',\ tag:'CAPEC-272',\ chain" SecRule REQUEST_HEADERS:Content-Length "!^0?$"\ "t:none,\ setvar:'tx.msg=%

问题 I just integrated Apache Httpd 2.4.25 with mod_security 2.9.1. And now i got this error messages: /* --ba380000-H-- Message: Error reading request body: Partial results are valid but processing is incomplete Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s Apache-Handler: jakarta-servlet Stopwatch: 1489655290393010 8470749 (- - -) Stopwatch2: 1489655290393010 8470749; combined=0, p1=0, p2=0, p3=0, p4=0, p5=0, sr=0, sw=0, l=0, gc=0 Response

问题 I want to create a mod security2x rule that will block the GET request to a specific URL. for example I want to block the URL with the GET in the header: 'www.test.com' I've never made a rule within modsecurity, and not sure this will work with anomaly detection mode. This would be an example of the GET request: GET/secure/bla/test/etc/ This is what I have so far: SecRule ARGS "www.test.com" phase:2,log,deny,id:'1234',msg:'403 Access Denied' 回答1: You want something like this: SecRule REQUEST