| @@ -32,7 +32,6 @@
NULL,
};
-static int fetch_target_exception(msre_rule *rule, modsec_rec *msr, msre_var *var);
static apr_status_t msre_parse_targets(msre_ruleset *ruleset, const char *text,
apr_array_header_t *arr, char **error_msg);
static char *msre_generate_target_string(apr_pool_t *pool, msre_rule *rule);
@@ -44,117 +43,6 @@
/* -- Actions, variables, functions and operator functions ----------------- */
-static int fetch_target_exception(msre_rule *rule, modsec_rec *msr, msre_var *var) {
- const char *targets = NULL, *exceptions = NULL;
- char *savedptr = NULL, *target = NULL, *value = NULL;
- char *c = NULL, *name = NULL, *id = NULL;
- char *variable = NULL, *myvar = NULL;
- char *myvalue = NULL, *myname = NULL;
- const apr_array_header_t *tarr = NULL;
- const apr_table_entry_t *telts = NULL;
- int i, match = 0;
-
- if(msr == NULL)
- return 0;
-
- if(var == NULL)
- return 0;
-
- if(rule == NULL)
- return 0;
-
- if(rule->actionset == NULL)
- return 0;
-
- if(rule->actionset->id !=NULL) {
-
- myvar = apr_pstrdup(msr->mp, var->name);
-
- c = strchr(myvar,':');
-
- if(c != NULL) {
- myname = apr_strtok(myvar,":",&myvalue);
- } else {
- myname = myvar;
- }
-
- tarr = apr_table_elts(msr->removed_targets);
- telts = (const apr_table_entry_t*)tarr->elts;
-
- match = 0;
- for (i = 0; i < tarr->nelts; i++) {
- id = (char *)telts[i].key;
-
- if(strcasecmp(id, rule->actionset->id) == 0) {
- exceptions = (char *)telts[i].val;
-
- targets = apr_pstrdup(msr->mp, exceptions);
-
- if(targets != NULL) {
- if (msr->txcfg->debuglog_level >= 9) {
- msr_log(msr, 9, "fetch_target_exception: Found exception target list [%s] for rule id %s", targets, rule->actionset->id);
- }
-
- target = apr_strtok((char *)targets, ",", &savedptr);
-
- while(target != NULL) {
-
- variable = apr_pstrdup(msr->mp, target);
-
- c = strchr(variable,':');
-
- if(c != NULL) {
- name = apr_strtok(variable,":",&value);
- } else {
- name = variable;
- value = NULL;
- }
-
- if((strlen(myname) == strlen(name)) &&
- (strncasecmp(myname, name,strlen(myname)) == 0)) {
-
- if(value != NULL && myvalue != NULL) {
- if((strlen(myvalue) == strlen(value)) &&
- strncasecmp(myvalue,value,strlen(myvalue)) == 0) {
- if (msr->txcfg->debuglog_level >= 9) {
- msr_log(msr, 9, "fetch_target_exception: Target %s will not be processed.", target);
- }
- match = 1;
- }
- } else if (value == NULL && myvalue == NULL) {
- if (msr->txcfg->debuglog_level >= 9) {
- msr_log(msr, 9, "fetch_target_exception: Target %s will not be processed.", target);
- }
- match = 1;
- } else if (value == NULL && myvalue != NULL) {
- if (msr->txcfg->debuglog_level >= 9) {
- msr_log(msr, 9, "fetch_target_exception: Target %s will not be processed.", target);
- }
- match = 1;
- }
- }
-
- target = apr_strtok(NULL, ",", &savedptr);
- }
- } else {
- if (msr->txcfg->debuglog_level >= 9) {
- msr_log(msr, 9, "fetch_target_exception: No exception target found for rule id %s.", rule->actionset->id);
-
- }
- }
-
- }
-
- }
-
- }
-
- if(match == 1)
- return 1;
-
- return 0;
-}
-
char *update_rule_target(cmd_parms *cmd, directory_config *dcfg,
msre_ruleset *rset, const char *p1, const char *p2, const char *p3)
{
@@ -169,7 +57,7 @@
int name_len = 0, value_len = 0;
char *name = NULL, *value = NULL;
char *opt = NULL, *param = NULL;
- int i, rc, match = 0, var_appended = 0;
+ int i, rc, match = 0;
int offset = 0;
if(p1 == NULL || p2 == NULL || (dcfg == NULL && rset == NULL)) {
@@ -237,25 +125,21 @@
targets = (msre_var **)rule->targets->elts;
// TODO need a good way to remove the element from array, maybe change array by tables or rings
for (i = 0; i < rule->targets->nelts; i++) {
- if((strlen(targets[i]->name) == strlen(name)) &&
+ if((strlen(targets[i]->name) == strlen(name)) &&
(strncasecmp(targets[i]->name,name,strlen(targets[i]->name)) == 0) &&
(targets[i]->is_negated == is_negated) &&
(targets[i]->is_counting == is_counting)) {
if(value != NULL && targets[i]->param != NULL) {
if((strlen(targets[i]->param) == strlen(value)) &&
- strncasecmp(targets[i]->param,value,strlen(targets[i]->param)) == 0) {
+ strncasecmp(targets[i]->param,value,strlen(targets[i]->param)) == 0) {
memset(targets[i]->name,0,strlen(targets[i]->name));
memset(targets[i]->param,0,strlen(targets[i]->param));
match = 1;
- targets[i]->is_counting = 0;
- targets[i]->is_negated = 1;
}
} else if (value == NULL && targets[i]->param == NULL){
memset(targets[i]->name,0,strlen(targets[i]->name));
match = 1;
- targets[i]->is_counting = 0;
- targets[i]->is_negated = 1;
} else
continue;
@@ -273,7 +157,6 @@
if (rc < 0) {
goto end;
}
- var_appended = 1;
} else {
goto end;
}
@@ -326,7 +209,7 @@
if(value != NULL && targets[i]->param != NULL) {
if((strlen(targets[i]->param) == strlen(value)) &&
- strncasecmp(targets[i]->param,value,strlen(targets[i]->param)) == 0) {
+ strncasecmp(targets[i]->param,value,strlen(targets[i]->param)) == 0) {
match = 1;
}
} else if (value == NULL && targets[i]->param == NULL){
@@ -342,22 +225,21 @@
target = NULL;
}
+
if(match == 0 ) {
rc = msre_parse_targets(ruleset, p, rule->targets, &my_error_msg);
if (rc < 0) {
goto end;
}
- var_appended = 1;
}
}
p = apr_strtok(NULL,",",&savedptr);
}
- if(var_appended == 1) {
+ if(match == 0) {
curr_targets = msre_generate_target_string(ruleset->mp, rule);
rule->unparsed = msre_rule_generate_unparsed(ruleset->mp, rule, curr_targets, NULL, NULL);
- rule->p1 = apr_pstrdup(ruleset->mp, curr_targets);
}
end:
@@ -2273,24 +2155,10 @@
full_varname = var->name;
}
- rc = fetch_target_exception(rule, msr, var);
-
- if(rc > 0) {
-
- if (msr->txcfg->debuglog_level >= 4) {
- msr_log(msr, 4, "Executing operator \"%s%s\" with param \"%s\" against %s skipped.",
- (rule->op_negated ? "!" : ""), rule->op_name,
- log_escape(msr->mp, rule->op_param), full_varname);
- }
-
- return RULE_NO_MATCH;
-
- }
-
if (msr->txcfg->debuglog_level >= 4) {
msr_log(msr, 4, "Executing operator \"%s%s\" with param \"%s\" against %s.",
- (rule->op_negated ? "!" : ""), rule->op_name,
- log_escape(msr->mp, rule->op_param), full_varname);
+ (rule->op_negated ? "!" : ""), rule->op_name,
+ log_escape(msr->mp, rule->op_param), full_varname);
}
if (msr->txcfg->debuglog_level >= 9) {
@@ -2385,8 +2253,8 @@
}
/* Keep track of the highest severity matched so far */
- if ((acting_actionset->severity > 0) && (acting_actionset->severity < msr->highest_severity)
- && !rule->actionset->is_chained) {
+ if ((acting_actionset->severity > 0) && (acting_actionset->severity < msr->highest_severity))
+ {
msr->highest_severity = acting_actionset->severity;
}
|
| @@ -9,30 +9,26 @@
<meta name="generator" content="MediaWiki 1.15.1">
<meta name="robots" content="noindex,follow">
<meta name="keywords" content="Reference Manual">
- <link rel="alternate" type="application/x-wiki" title="Edit"
-href="https://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Reference_Manual&action=edit">
- <link rel="edit" title="Edit"
-href="https://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Reference_Manual&action=edit">
- <link rel="shortcut icon" href="https://sourceforge.net/favicon.ico">
+ <link rel="shortcut icon" href="http://sourceforge.net/favicon.ico">
<link rel="search" type="application/opensearchdescription+xml"
-href="https://sourceforge.net/apps/mediawiki/mod-security/opensearch_desc.php"
+href="http://sourceforge.net/apps/mediawiki/mod-security/opensearch_desc.php"
title="mod-security (en)">
<link rel="alternate" type="application/rss+xml" title="mod-security
RSS Feed"
-href="https://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Special:RecentChanges&feed=rss">
+href="http://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Special:RecentChanges&feed=rss">
<link rel="alternate" type="application/atom+xml" title="mod-security
Atom Feed"
-href="https://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Special:RecentChanges&feed=atom">
+href="http://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Special:RecentChanges&feed=atom">
<title>SourceForge.net: Reference Manual - mod-security</title>
<link rel="stylesheet" href="Reference_Manual_files/commonPrint.css"
type="text/css">
- <link rel="stylesheet" href="Reference_Manual_files/index_002.css"
+ <link rel="stylesheet" href="Reference_Manual_files/index_003.css"
type="text/css">
<link rel="stylesheet" href="Reference_Manual_files/index.css"
type="text/css">
<link rel="stylesheet" href="Reference_Manual_files/index_004.css"
type="text/css">
- <link rel="stylesheet" href="Reference_Manual_files/index_003.css"
+ <link rel="stylesheet" href="Reference_Manual_files/index_002.css"
type="text/css">
<!--[if lt IE 7]><script type="text/javascript" src="/apps/mediawiki/mod-security/skins/common/IEFixes.js?207"></script>
<meta http-equiv="imagetoolbar" content="no" /><![endif]-->
@@ -45,7 +41,7 @@
var wgScript = "/apps/mediawiki/mod-security/index.php";
var wgVariantArticlePath = false;
var wgActionPaths = {};
- var wgServer = "https://sourceforge.net";
+ var wgServer = "http://sourceforge.net";
var wgCanonicalNamespace = "";
var wgCanonicalSpecialPageName = false;
var wgNamespaceNumber = 0;
@@ -54,12 +50,12 @@
var wgAction = "view";
var wgArticleId = "12";
var wgIsArticle = true;
- var wgUserName = "Brenosilva";
- var wgUserGroups = ["admin", "editor", "*", "user", "autoconfirmed"];
+ var wgUserName = null;
+ var wgUserGroups = null;
var wgUserLanguage = "en";
var wgContentLanguage = "en";
var wgBreakFrames = false;
- var wgCurRevisionId = 507;
+ var wgCurRevisionId = 444;
var wgVersion = "1.15.1";
var wgEnableAPI = true;
var wgEnableWriteAPI = true;
@@ -67,13 +63,11 @@
var wgDigitTransformTable = ["", ""];
var wgRestrictionEdit = [];
var wgRestrictionMove = [];
- var wgAjaxWatch = {"watchMsg": "Watch", "unwatchMsg": "Unwatch", "watchingMsg": "Watching…", "unwatchingMsg": "Unwatching…"};
/*]]>*/</script>
<script type="text/javascript" src="Reference_Manual_files/wikibits.js"><!-- wikibits js --></script>
<!-- Head Scripts -->
<script type="text/javascript" src="Reference_Manual_files/ajax.js"></script>
- <script type="text/javascript" src="Reference_Manual_files/ajaxwatch.js"></script>
<script type="text/javascript" src="Reference_Manual_files/index.php"><!-- site js --></script>
@@ -100,9 +94,9 @@
class="tocnumber">1</span> <span class="toctext">ModSecurity® Reference
Manual</span></a>
<ul>
-<li class="toclevel-2"><a href="#Current_as_of_v2.5.13_v2.6_and_v2.7"><span
- class="tocnumber">1.1</span> <span class="toctext">Current as of
-v2.5.13 v2.6 and v2.7</span></a>
+<li class="toclevel-2"><a href="#Current_as_of_v2.5.13_and_v2.6"><span
+class="tocnumber">1.1</span> <span class="toctext">Current as of v2.5.13
+ and v2.6</span></a>
<ul>
<li class="toclevel-3"><a
href="#Copyright_.C2.A9_2004-2011_Trustwave_Holdings.2C_Inc."><span
@@ -250,116 +244,98 @@
class="tocnumber">6.20</span> <span class="toctext">SecDefaultAction</span></a></li>
<li class="toclevel-2"><a href="#SecDisableBackendCompression"><span
class="tocnumber">6.21</span> <span class="toctext">SecDisableBackendCompression</span></a></li>
-<li class="toclevel-2"><a href="#SecEncryptionEngine"><span
-class="tocnumber">6.22</span> <span class="toctext">SecEncryptionEngine</span></a></li>
-<li class="toclevel-2"><a href="#SecEncryptionKey"><span
-class="tocnumber">6.23</span> <span class="toctext">SecEncryptionKey</span></a></li>
-<li class="toclevel-2"><a href="#SecEncryptionParam"><span
-class="tocnumber">6.24</span> <span class="toctext">SecEncryptionParam</span></a></li>
-<li class="toclevel-2"><a href="#SecEncryptionMethodRx"><span
-class="tocnumber">6.25</span> <span class="toctext">SecEncryptionMethodRx</span></a></li>
-<li class="toclevel-2"><a href="#SecEncryptionMethodPm"><span
-class="tocnumber">6.26</span> <span class="toctext">SecEncryptionMethodPm</span></a></li>
-<li class="toclevel-2"><a href="#SecGeoLookupDb"><span class="tocnumber">6.27</span>
+<li class="toclevel-2"><a href="#SecGeoLookupDb"><span class="tocnumber">6.22</span>
<span class="toctext">SecGeoLookupDb</span></a></li>
-<li class="toclevel-2"><a href="#SecGsbLookupDb"><span class="tocnumber">6.28</span>
+<li class="toclevel-2"><a href="#SecGsbLookupDb"><span class="tocnumber">6.23</span>
<span class="toctext">SecGsbLookupDb</span></a></li>
-<li class="toclevel-2"><a href="#SecGuardianLog"><span class="tocnumber">6.29</span>
+<li class="toclevel-2"><a href="#SecGuardianLog"><span class="tocnumber">6.24</span>
<span class="toctext">SecGuardianLog</span></a></li>
-<li class="toclevel-2"><a href="#SecHttpBlKey"><span class="tocnumber">6.30</span>
+<li class="toclevel-2"><a href="#SecHttpBlKey"><span class="tocnumber">6.25</span>
<span class="toctext">SecHttpBlKey</span></a></li>
<li class="toclevel-2"><a href="#SecInterceptOnError"><span
-class="tocnumber">6.31</span> <span class="toctext">SecInterceptOnError</span></a></li>
-<li class="toclevel-2"><a href="#SecMarker"><span class="tocnumber">6.32</span>
+class="tocnumber">6.26</span> <span class="toctext">SecInterceptOnError</span></a></li>
+<li class="toclevel-2"><a href="#SecMarker"><span class="tocnumber">6.27</span>
<span class="toctext">SecMarker</span></a></li>
<li class="toclevel-2"><a href="#SecPcreMatchLimit"><span
-class="tocnumber">6.33</span> <span class="toctext">SecPcreMatchLimit</span></a></li>
+class="tocnumber">6.28</span> <span class="toctext">SecPcreMatchLimit</span></a></li>
<li class="toclevel-2"><a href="#SecPcreMatchLimitRecursion"><span
-class="tocnumber">6.34</span> <span class="toctext">SecPcreMatchLimitRecursion</span></a></li>
-<li class="toclevel-2"><a href="#SecPdfProtect"><span class="tocnumber">6.35</span>
+class="tocnumber">6.29</span> <span class="toctext">SecPcreMatchLimitRecursion</span></a></li>
+<li class="toclevel-2"><a href="#SecPdfProtect"><span class="tocnumber">6.30</span>
<span class="toctext">SecPdfProtect</span></a></li>
<li class="toclevel-2"><a href="#SecPdfProtectMethod"><span
-class="tocnumber">6.36</span> <span class="toctext">SecPdfProtectMethod</span></a></li>
+class="tocnumber">6.31</span> <span class="toctext">SecPdfProtectMethod</span></a></li>
<li class="toclevel-2"><a href="#SecPdfProtectSecret"><span
-class="tocnumber">6.37</span> <span class="toctext">SecPdfProtectSecret</span></a></li>
+class="tocnumber">6.32</span> <span class="toctext">SecPdfProtectSecret</span></a></li>
<li class="toclevel-2"><a href="#SecPdfProtectTimeout"><span
-class="tocnumber">6.38</span> <span class="toctext">SecPdfProtectTimeout</span></a></li>
+class="tocnumber">6.33</span> <span class="toctext">SecPdfProtectTimeout</span></a></li>
<li class="toclevel-2"><a href="#SecPdfProtectTokenName"><span
-class="tocnumber">6.39</span> <span class="toctext">SecPdfProtectTokenName</span></a></li>
+class="tocnumber">6.34</span> <span class="toctext">SecPdfProtectTokenName</span></a></li>
<li class="toclevel-2"><a href="#SecReadStateLimit"><span
-class="tocnumber">6.40</span> <span class="toctext">SecReadStateLimit</span></a></li>
-<li class="toclevel-2"><a href="#SecSensorId"><span class="tocnumber">6.41</span>
- <span class="toctext">SecSensorId</span></a></li>
+class="tocnumber">6.35</span> <span class="toctext">SecReadStateLimit</span></a></li>
<li class="toclevel-2"><a href="#SecWriteStateLimit"><span
-class="tocnumber">6.42</span> <span class="toctext">SecWriteStateLimit</span></a></li>
+class="tocnumber">6.36</span> <span class="toctext">SecWriteStateLimit</span></a></li>
<li class="toclevel-2"><a href="#SecRequestBodyAccess"><span
-class="tocnumber">6.43</span> <span class="toctext">SecRequestBodyAccess</span></a></li>
+class="tocnumber">6.37</span> <span class="toctext">SecRequestBodyAccess</span></a></li>
<li class="toclevel-2"><a href="#SecRequestBodyInMemoryLimit"><span
-class="tocnumber">6.44</span> <span class="toctext">SecRequestBodyInMemoryLimit</span></a></li>
+class="tocnumber">6.38</span> <span class="toctext">SecRequestBodyInMemoryLimit</span></a></li>
<li class="toclevel-2"><a href="#SecRequestBodyLimit"><span
-class="tocnumber">6.45</span> <span class="toctext">SecRequestBodyLimit</span></a></li>
+class="tocnumber">6.39</span> <span class="toctext">SecRequestBodyLimit</span></a></li>
<li class="toclevel-2"><a href="#SecRequestBodyNoFilesLimit"><span
-class="tocnumber">6.46</span> <span class="toctext">SecRequestBodyNoFilesLimit</span></a></li>
+class="tocnumber">6.40</span> <span class="toctext">SecRequestBodyNoFilesLimit</span></a></li>
<li class="toclevel-2"><a href="#SecRequestBodyLimitAction"><span
-class="tocnumber">6.47</span> <span class="toctext">SecRequestBodyLimitAction</span></a></li>
+class="tocnumber">6.41</span> <span class="toctext">SecRequestBodyLimitAction</span></a></li>
<li class="toclevel-2"><a href="#SecResponseBodyLimit"><span
-class="tocnumber">6.48</span> <span class="toctext">SecResponseBodyLimit</span></a></li>
+class="tocnumber">6.42</span> <span class="toctext">SecResponseBodyLimit</span></a></li>
<li class="toclevel-2"><a href="#SecResponseBodyLimitAction"><span
-class="tocnumber">6.49</span> <span class="toctext">SecResponseBodyLimitAction</span></a></li>
+class="tocnumber">6.43</span> <span class="toctext">SecResponseBodyLimitAction</span></a></li>
<li class="toclevel-2"><a href="#SecResponseBodyMimeType"><span
-class="tocnumber">6.50</span> <span class="toctext">SecResponseBodyMimeType</span></a></li>
+class="tocnumber">6.44</span> <span class="toctext">SecResponseBodyMimeType</span></a></li>
<li class="toclevel-2"><a href="#SecResponseBodyMimeTypesClear"><span
-class="tocnumber">6.51</span> <span class="toctext">SecResponseBodyMimeTypesClear</span></a></li>
+class="tocnumber">6.45</span> <span class="toctext">SecResponseBodyMimeTypesClear</span></a></li>
<li class="toclevel-2"><a href="#SecResponseBodyAccess"><span
-class="tocnumber">6.52</span> <span class="toctext">SecResponseBodyAccess</span></a></li>
-<li class="toclevel-2"><a href="#SecRule"><span class="tocnumber">6.53</span>
+class="tocnumber">6.46</span> <span class="toctext">SecResponseBodyAccess</span></a></li>
+<li class="toclevel-2"><a href="#SecRule"><span class="tocnumber">6.47</span>
<span class="toctext">SecRule</span></a></li>
<li class="toclevel-2"><a href="#SecRuleInheritance"><span
-class="tocnumber">6.54</span> <span class="toctext">SecRuleInheritance</span></a></li>
-<li class="toclevel-2"><a href="#SecRuleEngine"><span class="tocnumber">6.55</span>
+class="tocnumber">6.48</span> <span class="toctext">SecRuleInheritance</span></a></li>
+<li class="toclevel-2"><a href="#SecRuleEngine"><span class="tocnumber">6.49</span>
<span class="toctext">SecRuleEngine</span></a></li>
-<li class="toclevel-2"><a href="#SecRulePerfTime"><span
-class="tocnumber">6.56</span> <span class="toctext">SecRulePerfTime</span></a></li>
<li class="toclevel-2"><a href="#SecRuleRemoveById"><span
-class="tocnumber">6.57</span> <span class="toctext">SecRuleRemoveById</span></a></li>
+class="tocnumber">6.50</span> <span class="toctext">SecRuleRemoveById</span></a></li>
<li class="toclevel-2"><a href="#SecRuleRemoveByMsg"><span
-class="tocnumber">6.58</span> <span class="toctext">SecRuleRemoveByMsg</span></a></li>
+class="tocnumber">6.51</span> <span class="toctext">SecRuleRemoveByMsg</span></a></li>
<li class="toclevel-2"><a href="#SecRuleRemoveByTag"><span
-class="tocnumber">6.59</span> <span class="toctext">SecRuleRemoveByTag</span></a></li>
-<li class="toclevel-2"><a href="#SecRuleScript"><span class="tocnumber">6.60</span>
+class="tocnumber">6.52</span> <span class="toctext">SecRuleRemoveByTag</span></a></li>
+<li class="toclevel-2"><a href="#SecRuleScript"><span class="tocnumber">6.53</span>
<span class="toctext">SecRuleScript</span></a></li>
<li class="toclevel-2"><a href="#SecRuleUpdateActionById"><span
-class="tocnumber">6.61</span> <span class="toctext">SecRuleUpdateActionById</span></a></li>
+class="tocnumber">6.54</span> <span class="toctext">SecRuleUpdateActionById</span></a></li>
<li class="toclevel-2"><a href="#SecRuleUpdateTargetById"><span
-class="tocnumber">6.62</span> <span class="toctext">SecRuleUpdateTargetById</span></a></li>
-<li class="toclevel-2"><a href="#SecRuleUpdateTargetByMsg"><span
-class="tocnumber">6.63</span> <span class="toctext">SecRuleUpdateTargetByMsg</span></a></li>
-<li class="toclevel-2"><a href="#SecRuleUpdateTargetByTag"><span
-class="tocnumber">6.64</span> <span class="toctext">SecRuleUpdateTargetByTag</span></a></li>
+class="tocnumber">6.55</span> <span class="toctext">SecRuleUpdateTargetById</span></a></li>
<li class="toclevel-2"><a href="#SecServerSignature"><span
-class="tocnumber">6.65</span> <span class="toctext">SecServerSignature</span></a></li>
+class="tocnumber">6.56</span> <span class="toctext">SecServerSignature</span></a></li>
<li class="toclevel-2"><a href="#SecStreamInBodyInspection"><span
-class="tocnumber">6.66</span> <span class="toctext">SecStreamInBodyInspection</span></a></li>
+class="tocnumber">6.57</span> <span class="toctext">SecStreamInBodyInspection</span></a></li>
<li class="toclevel-2"><a href="#SecStreamOutBodyInspection"><span
-class="tocnumber">6.67</span> <span class="toctext">SecStreamOutBodyInspection</span></a></li>
-<li class="toclevel-2"><a href="#SecTmpDir"><span class="tocnumber">6.68</span>
+class="tocnumber">6.58</span> <span class="toctext">SecStreamOutBodyInspection</span></a></li>
+<li class="toclevel-2"><a href="#SecTmpDir"><span class="tocnumber">6.59</span>
<span class="toctext">SecTmpDir</span></a></li>
<li class="toclevel-2"><a href="#SecUnicodeMapFile"><span
-class="tocnumber">6.69</span> <span class="toctext">SecUnicodeMapFile</span></a></li>
+class="tocnumber">6.60</span> <span class="toctext">SecUnicodeMapFile</span></a></li>
<li class="toclevel-2"><a href="#SecUnicodeCodePage"><span
-class="tocnumber">6.70</span> <span class="toctext">SecUnicodeCodePage</span></a></li>
-<li class="toclevel-2"><a href="#SecUploadDir"><span class="tocnumber">6.71</span>
+class="tocnumber">6.61</span> <span class="toctext">SecUnicodeCodePage</span></a></li>
+<li class="toclevel-2"><a href="#SecUploadDir"><span class="tocnumber">6.62</span>
<span class="toctext">SecUploadDir</span></a></li>
<li class="toclevel-2"><a href="#SecUploadFileLimit"><span
-class="tocnumber">6.72</span> <span class="toctext">SecUploadFileLimit</span></a></li>
+class="tocnumber">6.63</span> <span class="toctext">SecUploadFileLimit</span></a></li>
<li class="toclevel-2"><a href="#SecUploadFileMode"><span
-class="tocnumber">6.73</span> <span class="toctext">SecUploadFileMode</span></a></li>
+class="tocnumber">6.64</span> <span class="toctext">SecUploadFileMode</span></a></li>
<li class="toclevel-2"><a href="#SecUploadKeepFiles"><span
-class="tocnumber">6.74</span> <span class="toctext">SecUploadKeepFiles</span></a></li>
-<li class="toclevel-2"><a href="#SecWebAppId"><span class="tocnumber">6.75</span>
+class="tocnumber">6.65</span> <span class="toctext">SecUploadKeepFiles</span></a></li>
+<li class="toclevel-2"><a href="#SecWebAppId"><span class="tocnumber">6.66</span>
<span class="toctext">SecWebAppId</span></a></li>
<li class="toclevel-2"><a href="#SecCollectionTimeout"><span
-class="tocnumber">6.76</span> <span class="toctext">SecCollectionTimeout</span></a></li>
+class="tocnumber">6.67</span> <span class="toctext">SecCollectionTimeout</span></a></li>
</ul>
</li>
<li class="toclevel-1"><a href="#Processing_Phases"><span
@@ -451,131 +427,127 @@
<span class="toctext">PERF_PHASE4</span></a></li>
<li class="toclevel-2"><a href="#PERF_PHASE5"><span class="tocnumber">8.35</span>
<span class="toctext">PERF_PHASE5</span></a></li>
-<li class="toclevel-2"><a href="#PERF_RULES"><span class="tocnumber">8.36</span>
- <span class="toctext">PERF_RULES</span></a></li>
-<li class="toclevel-2"><a href="#PERF_SREAD"><span class="tocnumber">8.37</span>
+<li class="toclevel-2"><a href="#PERF_SREAD"><span class="tocnumber">8.36</span>
<span class="toctext">PERF_SREAD</span></a></li>
-<li class="toclevel-2"><a href="#PERF_SWRITE"><span class="tocnumber">8.38</span>
+<li class="toclevel-2"><a href="#PERF_SWRITE"><span class="tocnumber">8.37</span>
<span class="toctext">PERF_SWRITE</span></a></li>
-<li class="toclevel-2"><a href="#QUERY_STRING"><span class="tocnumber">8.39</span>
+<li class="toclevel-2"><a href="#QUERY_STRING"><span class="tocnumber">8.38</span>
<span class="toctext">QUERY_STRING</span></a></li>
-<li class="toclevel-2"><a href="#REMOTE_ADDR"><span class="tocnumber">8.40</span>
+<li class="toclevel-2"><a href="#REMOTE_ADDR"><span class="tocnumber">8.39</span>
<span class="toctext">REMOTE_ADDR</span></a></li>
-<li class="toclevel-2"><a href="#REMOTE_HOST"><span class="tocnumber">8.41</span>
+<li class="toclevel-2"><a href="#REMOTE_HOST"><span class="tocnumber">8.40</span>
<span class="toctext">REMOTE_HOST</span></a></li>
-<li class="toclevel-2"><a href="#REMOTE_PORT"><span class="tocnumber">8.42</span>
+<li class="toclevel-2"><a href="#REMOTE_PORT"><span class="tocnumber">8.41</span>
<span class="toctext">REMOTE_PORT</span></a></li>
-<li class="toclevel-2"><a href="#REMOTE_USER"><span class="tocnumber">8.43</span>
+<li class="toclevel-2"><a href="#REMOTE_USER"><span class="tocnumber">8.42</span>
<span class="toctext">REMOTE_USER</span></a></li>
-<li class="toclevel-2"><a href="#REQBODY_ERROR"><span class="tocnumber">8.44</span>
+<li class="toclevel-2"><a href="#REQBODY_ERROR"><span class="tocnumber">8.43</span>
<span class="toctext">REQBODY_ERROR</span></a></li>
<li class="toclevel-2"><a href="#REQBODY_ERROR_MSG"><span
-class="tocnumber">8.45</span> <span class="toctext">REQBODY_ERROR_MSG</span></a></li>
+class="tocnumber">8.44</span> <span class="toctext">REQBODY_ERROR_MSG</span></a></li>
<li class="toclevel-2"><a href="#REQBODY_PROCESSOR"><span
-class="tocnumber">8.46</span> <span class="toctext">REQBODY_PROCESSOR</span></a></li>
+class="tocnumber">8.45</span> <span class="toctext">REQBODY_PROCESSOR</span></a></li>
<li class="toclevel-2"><a href="#REQUEST_BASENAME"><span
-class="tocnumber">8.47</span> <span class="toctext">REQUEST_BASENAME</span></a></li>
-<li class="toclevel-2"><a href="#REQUEST_BODY"><span class="tocnumber">8.48</span>
+class="tocnumber">8.46</span> <span class="toctext">REQUEST_BASENAME</span></a></li>
+<li class="toclevel-2"><a href="#REQUEST_BODY"><span class="tocnumber">8.47</span>
<span class="toctext">REQUEST_BODY</span></a></li>
<li class="toclevel-2"><a href="#REQUEST_BODY_LENGTH"><span
-class="tocnumber">8.49</span> <span class="toctext">REQUEST_BODY_LENGTH</span></a></li>
+class="tocnumber">8.48</span> <span class="toctext">REQUEST_BODY_LENGTH</span></a></li>
<li class="toclevel-2"><a href="#REQUEST_COOKIES"><span
-class="tocnumber">8.50</span> <span class="toctext">REQUEST_COOKIES</span></a></li>
+class="tocnumber">8.49</span> <span class="toctext">REQUEST_COOKIES</span></a></li>
<li class="toclevel-2"><a href="#REQUEST_COOKIES_NAMES"><span
-class="tocnumber">8.51</span> <span class="toctext">REQUEST_COOKIES_NAMES</span></a></li>
+class="tocnumber">8.50</span> <span class="toctext">REQUEST_COOKIES_NAMES</span></a></li>
<li class="toclevel-2"><a href="#REQUEST_FILENAME"><span
-class="tocnumber">8.52</span> <span class="toctext">REQUEST_FILENAME</span></a></li>
+class="tocnumber">8.51</span> <span class="toctext">REQUEST_FILENAME</span></a></li>
<li class="toclevel-2"><a href="#REQUEST_HEADERS"><span
-class="tocnumber">8.53</span> <span class="toctext">REQUEST_HEADERS</span></a></li>
+class="tocnumber">8.52</span> <span class="toctext">REQUEST_HEADERS</span></a></li>
<li class="toclevel-2"><a href="#REQUEST_HEADERS_NAMES"><span
-class="tocnumber">8.54</span> <span class="toctext">REQUEST_HEADERS_NAMES</span></a></li>
-<li class="toclevel-2"><a href="#REQUEST_LINE"><span class="tocnumber">8.55</span>
+class="tocnumber">8.53</span> <span class="toctext">REQUEST_HEADERS_NAMES</span></a></li>
+<li class="toclevel-2"><a href="#REQUEST_LINE"><span class="tocnumber">8.54</span>
<span class="toctext">REQUEST_LINE</span></a></li>
-<li class="toclevel-2"><a href="#REQUEST_METHOD"><span class="tocnumber">8.56</span>
+<li class="toclevel-2"><a href="#REQUEST_METHOD"><span class="tocnumber">8.55</span>
<span class="toctext">REQUEST_METHOD</span></a></li>
<li class="toclevel-2"><a href="#REQUEST_PROTOCOL"><span
-class="tocnumber">8.57</span> <span class="toctext">REQUEST_PROTOCOL</span></a></li>
-<li class="toclevel-2"><a href="#REQUEST_URI"><span class="tocnumber">8.58</span>
+class="tocnumber">8.56</span> <span class="toctext">REQUEST_PROTOCOL</span></a></li>
+<li class="toclevel-2"><a href="#REQUEST_URI"><span class="tocnumber">8.57</span>
<span class="toctext">REQUEST_URI</span></a></li>
<li class="toclevel-2"><a href="#REQUEST_URI_RAW"><span
-class="tocnumber">8.59</span> <span class="toctext">REQUEST_URI_RAW</span></a></li>
-<li class="toclevel-2"><a href="#RESPONSE_BODY"><span class="tocnumber">8.60</span>
+class="tocnumber">8.58</span> <span class="toctext">REQUEST_URI_RAW</span></a></li>
+<li class="toclevel-2"><a href="#RESPONSE_BODY"><span class="tocnumber">8.59</span>
<span class="toctext">RESPONSE_BODY</span></a></li>
<li class="toclevel-2"><a href="#RESPONSE_CONTENT_LENGTH"><span
-class="tocnumber">8.61</span> <span class="toctext">RESPONSE_CONTENT_LENGTH</span></a></li>
+class="tocnumber">8.60</span> <span class="toctext">RESPONSE_CONTENT_LENGTH</span></a></li>
<li class="toclevel-2"><a href="#RESPONSE_CONTENT_TYPE"><span
-class="tocnumber">8.62</span> <span class="toctext">RESPONSE_CONTENT_TYPE</span></a></li>
+class="tocnumber">8.61</span> <span class="toctext">RESPONSE_CONTENT_TYPE</span></a></li>
<li class="toclevel-2"><a href="#RESPONSE_HEADERS"><span
-class="tocnumber">8.63</span> <span class="toctext">RESPONSE_HEADERS</span></a></li>
+class="tocnumber">8.62</span> <span class="toctext">RESPONSE_HEADERS</span></a></li>
<li class="toclevel-2"><a href="#RESPONSE_HEADERS_NAMES"><span
-class="tocnumber">8.64</span> <span class="toctext">RESPONSE_HEADERS_NAMES</span></a></li>
+class="tocnumber">8.63</span> <span class="toctext">RESPONSE_HEADERS_NAMES</span></a></li>
<li class="toclevel-2"><a href="#RESPONSE_PROTOCOL"><span
-class="tocnumber">8.65</span> <span class="toctext">RESPONSE_PROTOCOL</span></a></li>
+class="tocnumber">8.64</span> <span class="toctext">RESPONSE_PROTOCOL</span></a></li>
<li class="toclevel-2"><a href="#RESPONSE_STATUS"><span
-class="tocnumber">8.66</span> <span class="toctext">RESPONSE_STATUS</span></a></li>
-<li class="toclevel-2"><a href="#RULE"><span class="tocnumber">8.67</span>
+class="tocnumber">8.65</span> <span class="toctext">RESPONSE_STATUS</span></a></li>
+<li class="toclevel-2"><a href="#RULE"><span class="tocnumber">8.66</span>
<span class="toctext">RULE</span></a></li>
<li class="toclevel-2"><a href="#SCRIPT_BASENAME"><span
-class="tocnumber">8.68</span> <span class="toctext">SCRIPT_BASENAME</span></a></li>
+class="tocnumber">8.67</span> <span class="toctext">SCRIPT_BASENAME</span></a></li>
<li class="toclevel-2"><a href="#SCRIPT_FILENAME"><span
-class="tocnumber">8.69</span> <span class="toctext">SCRIPT_FILENAME</span></a></li>
-<li class="toclevel-2"><a href="#SCRIPT_GID"><span class="tocnumber">8.70</span>
+class="tocnumber">8.68</span> <span class="toctext">SCRIPT_FILENAME</span></a></li>
+<li class="toclevel-2"><a href="#SCRIPT_GID"><span class="tocnumber">8.69</span>
<span class="toctext">SCRIPT_GID</span></a></li>
<li class="toclevel-2"><a href="#SCRIPT_GROUPNAME"><span
-class="tocnumber">8.71</span> <span class="toctext">SCRIPT_GROUPNAME</span></a></li>
-<li class="toclevel-2"><a href="#SCRIPT_MODE"><span class="tocnumber">8.72</span>
+class="tocnumber">8.70</span> <span class="toctext">SCRIPT_GROUPNAME</span></a></li>
+<li class="toclevel-2"><a href="#SCRIPT_MODE"><span class="tocnumber">8.71</span>
<span class="toctext">SCRIPT_MODE</span></a></li>
-<li class="toclevel-2"><a href="#SCRIPT_UID"><span class="tocnumber">8.73</span>
+<li class="toclevel-2"><a href="#SCRIPT_UID"><span class="tocnumber">8.72</span>
<span class="toctext">SCRIPT_UID</span></a></li>
<li class="toclevel-2"><a href="#SCRIPT_USERNAME"><span
-class="tocnumber">8.74</span> <span class="toctext">SCRIPT_USERNAME</span></a></li>
-<li class="toclevel-2"><a href="#SERVER_ADDR"><span class="tocnumber">8.75</span>
+class="tocnumber">8.73</span> <span class="toctext">SCRIPT_USERNAME</span></a></li>
+<li class="toclevel-2"><a href="#SERVER_ADDR"><span class="tocnumber">8.74</span>
<span class="toctext">SERVER_ADDR</span></a></li>
-<li class="toclevel-2"><a href="#SERVER_NAME"><span class="tocnumber">8.76</span>
+<li class="toclevel-2"><a href="#SERVER_NAME"><span class="tocnumber">8.75</span>
<span class="toctext">SERVER_NAME</span></a></li>
-<li class="toclevel-2"><a href="#SERVER_PORT"><span class="tocnumber">8.77</span>
+<li class="toclevel-2"><a href="#SERVER_PORT"><span class="tocnumber">8.76</span>
<span class="toctext">SERVER_PORT</span></a></li>
-<li class="toclevel-2"><a href="#SESSION"><span class="tocnumber">8.78</span>
+<li class="toclevel-2"><a href="#SESSION"><span class="tocnumber">8.77</span>
<span class="toctext">SESSION</span></a></li>
-<li class="toclevel-2"><a href="#SESSIONID"><span class="tocnumber">8.79</span>
+<li class="toclevel-2"><a href="#SESSIONID"><span class="tocnumber">8.78</span>
<span class="toctext">SESSIONID</span></a></li>
<li class="toclevel-2"><a href="#STREAM_INPUT_BODY"><span
-class="tocnumber">8.80</span> <span class="toctext">STREAM_INPUT_BODY</span></a></li>
+class="tocnumber">8.79</span> <span class="toctext">STREAM_INPUT_BODY</span></a></li>
<li class="toclevel-2"><a href="#STREAM_OUTPUT_BODY"><span
-class="tocnumber">8.81</span> <span class="toctext">STREAM_OUTPUT_BODY</span></a></li>
-<li class="toclevel-2"><a href="#TIME"><span class="tocnumber">8.82</span>
+class="tocnumber">8.80</span> <span class="toctext">STREAM_OUTPUT_BODY</span></a></li>
+<li class="toclevel-2"><a href="#TIME"><span class="tocnumber">8.81</span>
<span class="toctext">TIME</span></a></li>
-<li class="toclevel-2"><a href="#TIME_DAY"><span class="tocnumber">8.83</span>
+<li class="toclevel-2"><a href="#TIME_DAY"><span class="tocnumber">8.82</span>
<span class="toctext">TIME_DAY</span></a></li>
-<li class="toclevel-2"><a href="#TIME_EPOCH"><span class="tocnumber">8.84</span>
+<li class="toclevel-2"><a href="#TIME_EPOCH"><span class="tocnumber">8.83</span>
<span class="toctext">TIME_EPOCH</span></a></li>
-<li class="toclevel-2"><a href="#TIME_HOUR"><span class="tocnumber">8.85</span>
+<li class="toclevel-2"><a href="#TIME_HOUR"><span class="tocnumber">8.84</span>
<span class="toctext">TIME_HOUR</span></a></li>
-<li class="toclevel-2"><a href="#TIME_MIN"><span class="tocnumber">8.86</span>
+<li class="toclevel-2"><a href="#TIME_MIN"><span class="tocnumber">8.85</span>
<span class="toctext">TIME_MIN</span></a></li>
-<li class="toclevel-2"><a href="#TIME_MON"><span class="tocnumber">8.87</span>
+<li class="toclevel-2"><a href="#TIME_MON"><span class="tocnumber">8.86</span>
<span class="toctext">TIME_MON</span></a></li>
-<li class="toclevel-2"><a href="#TIME_SEC"><span class="tocnumber">8.88</span>
+<li class="toclevel-2"><a href="#TIME_SEC"><span class="tocnumber">8.87</span>
<span class="toctext">TIME_SEC</span></a></li>
-<li class="toclevel-2"><a href="#TIME_WDAY"><span class="tocnumber">8.89</span>
+<li class="toclevel-2"><a href="#TIME_WDAY"><span class="tocnumber">8.88</span>
<span class="toctext">TIME_WDAY</span></a></li>
-<li class="toclevel-2"><a href="#TIME_YEAR"><span class="tocnumber">8.90</span>
+<li class="toclevel-2"><a href="#TIME_YEAR"><span class="tocnumber">8.89</span>
<span class="toctext">TIME_YEAR</span></a></li>
-<li class="toclevel-2"><a href="#TX"><span class="tocnumber">8.91</span>
+<li class="toclevel-2"><a href="#TX"><span class="tocnumber">8.90</span>
<span class="toctext">TX</span></a></li>
-<li class="toclevel-2"><a href="#UNIQUE_ID"><span class="tocnumber">8.92</span>
+<li class="toclevel-2"><a href="#UNIQUE_ID"><span class="tocnumber">8.91</span>
<span class="toctext">UNIQUE_ID</span></a></li>
<li class="toclevel-2"><a href="#URLENCODED_ERROR"><span
-class="tocnumber">8.93</span> <span class="toctext">URLENCODED_ERROR</span></a></li>
-<li class="toclevel-2"><a href="#USERID"><span class="tocnumber">8.94</span>
+class="tocnumber">8.92</span> <span class="toctext">URLENCODED_ERROR</span></a></li>
+<li class="toclevel-2"><a href="#USERID"><span class="tocnumber">8.93</span>
<span class="toctext">USERID</span></a></li>
-<li class="toclevel-2"><a href="#USERAGENT_IP"><span class="tocnumber">8.95</span>
- <span class="toctext">USERAGENT_IP</span></a></li>
-<li class="toclevel-2"><a href="#WEBAPPID"><span class="tocnumber">8.96</span>
+<li class="toclevel-2"><a href="#WEBAPPID"><span class="tocnumber">8.94</span>
<span class="toctext">WEBAPPID</span></a></li>
<li class="toclevel-2"><a href="#WEBSERVER_ERROR_LOG"><span
-class="tocnumber">8.97</span> <span class="toctext">WEBSERVER_ERROR_LOG</span></a></li>
-<li class="toclevel-2"><a href="#XML"><span class="tocnumber">8.98</span>
+class="tocnumber">8.95</span> <span class="toctext">WEBSERVER_ERROR_LOG</span></a></li>
+<li class="toclevel-2"><a href="#XML"><span class="tocnumber">8.96</span>
<span class="toctext">XML</span></a></li>
</ul>
</li>
@@ -656,99 +628,91 @@
<li class="toclevel-1"><a href="#Actions"><span class="tocnumber">10</span>
<span class="toctext">Actions</span></a>
<ul>
-<li class="toclevel-2"><a href="#accuracy"><span class="tocnumber">10.1</span>
- <span class="toctext">accuracy</span></a></li>
-<li class="toclevel-2"><a href="#allow"><span class="tocnumber">10.2</span>
+<li class="toclevel-2"><a href="#allow"><span class="tocnumber">10.1</span>
<span class="toctext">allow</span></a></li>
-<li class="toclevel-2"><a href="#append"><span class="tocnumber">10.3</span>
+<li class="toclevel-2"><a href="#append"><span class="tocnumber">10.2</span>
<span class="toctext">append</span></a></li>
-<li class="toclevel-2"><a href="#auditlog"><span class="tocnumber">10.4</span>
+<li class="toclevel-2"><a href="#auditlog"><span class="tocnumber">10.3</span>
<span class="toctext">auditlog</span></a></li>
-<li class="toclevel-2"><a href="#block"><span class="tocnumber">10.5</span>
+<li class="toclevel-2"><a href="#block"><span class="tocnumber">10.4</span>
<span class="toctext">block</span></a></li>
-<li class="toclevel-2"><a href="#capture"><span class="tocnumber">10.6</span>
+<li class="toclevel-2"><a href="#capture"><span class="tocnumber">10.5</span>
<span class="toctext">capture</span></a></li>
-<li class="toclevel-2"><a href="#chain"><span class="tocnumber">10.7</span>
+<li class="toclevel-2"><a href="#chain"><span class="tocnumber">10.6</span>
<span class="toctext">chain</span></a></li>
-<li class="toclevel-2"><a href="#ctl"><span class="tocnumber">10.8</span>
+<li class="toclevel-2"><a href="#ctl"><span class="tocnumber">10.7</span>
<span class="toctext">ctl</span></a></li>
-<li class="toclevel-2"><a href="#deny"><span class="tocnumber">10.9</span>
+<li class="toclevel-2"><a href="#deny"><span class="tocnumber">10.8</span>
<span class="toctext">deny</span></a></li>
-<li class="toclevel-2"><a href="#deprecatevar"><span class="tocnumber">10.10</span>
+<li class="toclevel-2"><a href="#deprecatevar"><span class="tocnumber">10.9</span>
<span class="toctext">deprecatevar</span></a></li>
-<li class="toclevel-2"><a href="#drop"><span class="tocnumber">10.11</span>
+<li class="toclevel-2"><a href="#drop"><span class="tocnumber">10.10</span>
<span class="toctext">drop</span></a></li>
-<li class="toclevel-2"><a href="#exec"><span class="tocnumber">10.12</span>
+<li class="toclevel-2"><a href="#exec"><span class="tocnumber">10.11</span>
<span class="toctext">exec</span></a></li>
-<li class="toclevel-2"><a href="#expirevar"><span class="tocnumber">10.13</span>
+<li class="toclevel-2"><a href="#expirevar"><span class="tocnumber">10.12</span>
<span class="toctext">expirevar</span></a></li>
-<li class="toclevel-2"><a href="#id"><span class="tocnumber">10.14</span>
+<li class="toclevel-2"><a href="#id"><span class="tocnumber">10.13</span>
<span class="toctext">id</span></a></li>
-<li class="toclevel-2"><a href="#initcol"><span class="tocnumber">10.15</span>
+<li class="toclevel-2"><a href="#initcol"><span class="tocnumber">10.14</span>
<span class="toctext">initcol</span></a></li>
-<li class="toclevel-2"><a href="#log"><span class="tocnumber">10.16</span>
+<li class="toclevel-2"><a href="#log"><span class="tocnumber">10.15</span>
<span class="toctext">log</span></a></li>
-<li class="toclevel-2"><a href="#logdata"><span class="tocnumber">10.17</span>
+<li class="toclevel-2"><a href="#logdata"><span class="tocnumber">10.16</span>
<span class="toctext">logdata</span></a></li>
-<li class="toclevel-2"><a href="#maturity"><span class="tocnumber">10.18</span>
- <span class="toctext">maturity</span></a></li>
-<li class="toclevel-2"><a href="#msg"><span class="tocnumber">10.19</span>
+<li class="toclevel-2"><a href="#msg"><span class="tocnumber">10.17</span>
<span class="toctext">msg</span></a></li>
-<li class="toclevel-2"><a href="#multiMatch"><span class="tocnumber">10.20</span>
+<li class="toclevel-2"><a href="#multiMatch"><span class="tocnumber">10.18</span>
<span class="toctext">multiMatch</span></a></li>
-<li class="toclevel-2"><a href="#noauditlog"><span class="tocnumber">10.21</span>
+<li class="toclevel-2"><a href="#noauditlog"><span class="tocnumber">10.19</span>
<span class="toctext">noauditlog</span></a></li>
-<li class="toclevel-2"><a href="#nolog"><span class="tocnumber">10.22</span>
+<li class="toclevel-2"><a href="#nolog"><span class="tocnumber">10.20</span>
<span class="toctext">nolog</span></a></li>
-<li class="toclevel-2"><a href="#pass"><span class="tocnumber">10.23</span>
+<li class="toclevel-2"><a href="#pass"><span class="tocnumber">10.21</span>
<span class="toctext">pass</span></a></li>
-<li class="toclevel-2"><a href="#pause"><span class="tocnumber">10.24</span>
+<li class="toclevel-2"><a href="#pause"><span class="tocnumber">10.22</span>
<span class="toctext">pause</span></a></li>
-<li class="toclevel-2"><a href="#phase"><span class="tocnumber">10.25</span>
+<li class="toclevel-2"><a href="#phase"><span class="tocnumber">10.23</span>
<span class="toctext">phase</span></a></li>
-<li class="toclevel-2"><a href="#prepend"><span class="tocnumber">10.26</span>
+<li class="toclevel-2"><a href="#prepend"><span class="tocnumber">10.24</span>
<span class="toctext">prepend</span></a></li>
-<li class="toclevel-2"><a href="#proxy"><span class="tocnumber">10.27</span>
+<li class="toclevel-2"><a href="#proxy"><span class="tocnumber">10.25</span>
<span class="toctext">proxy</span></a></li>
-<li class="toclevel-2"><a href="#redirect"><span class="tocnumber">10.28</span>
+<li class="toclevel-2"><a href="#redirect"><span class="tocnumber">10.26</span>
<span class="toctext">redirect</span></a></li>
-<li class="toclevel-2"><a href="#rev"><span class="tocnumber">10.29</span>
+<li class="toclevel-2"><a href="#rev"><span class="tocnumber">10.27</span>
<span class="toctext">rev</span></a></li>
-<li class="toclevel-2"><a href="#sanitiseArg"><span class="tocnumber">10.30</span>
+<li class="toclevel-2"><a href="#sanitiseArg"><span class="tocnumber">10.28</span>
<span class="toctext">sanitiseArg</span></a></li>
<li class="toclevel-2"><a href="#sanitiseMatched"><span
-class="tocnumber">10.31</span> <span class="toctext">sanitiseMatched</span></a></li>
+class="tocnumber">10.29</span> <span class="toctext">sanitiseMatched</span></a></li>
<li class="toclevel-2"><a href="#sanitiseMatchedBytes"><span
-class="tocnumber">10.32</span> <span class="toctext">sanitiseMatchedBytes</span></a></li>
+class="tocnumber">10.30</span> <span class="toctext">sanitiseMatchedBytes</span></a></li>
<li class="toclevel-2"><a href="#sanitiseRequestHeader"><span
-class="tocnumber">10.33</span> <span class="toctext">sanitiseRequestHeader</span></a></li>
+class="tocnumber">10.31</span> <span class="toctext">sanitiseRequestHeader</span></a></li>
<li class="toclevel-2"><a href="#sanitiseResponseHeader"><span
-class="tocnumber">10.34</span> <span class="toctext">sanitiseResponseHeader</span></a></li>
-<li class="toclevel-2"><a href="#severity"><span class="tocnumber">10.35</span>
+class="tocnumber">10.32</span> <span class="toctext">sanitiseResponseHeader</span></a></li>
+<li class="toclevel-2"><a href="#severity"><span class="tocnumber">10.33</span>
<span class="toctext">severity</span></a></li>
-<li class="toclevel-2"><a href="#setuid"><span class="tocnumber">10.36</span>
+<li class="toclevel-2"><a href="#setuid"><span class="tocnumber">10.34</span>
<span class="toctext">setuid</span></a></li>
-<li class="toclevel-2"><a href="#setrsc"><span class="tocnumber">10.37</span>
- <span class="toctext">setrsc</span></a></li>
-<li class="toclevel-2"><a href="#setsid"><span class="tocnumber">10.38</span>
+<li class="toclevel-2"><a href="#setsid"><span class="tocnumber">10.35</span>
<span class="toctext">setsid</span></a></li>
-<li class="toclevel-2"><a href="#setenv"><span class="tocnumber">10.39</span>
+<li class="toclevel-2"><a href="#setenv"><span class="tocnumber">10.36</span>
<span class="toctext">setenv</span></a></li>
-<li class="toclevel-2"><a href="#setvar"><span class="tocnumber">10.40</span>
+<li class="toclevel-2"><a href="#setvar"><span class="tocnumber">10.37</span>
<span class="toctext">setvar</span></a></li>
-<li class="toclevel-2"><a href="#skip"><span class="tocnumber">10.41</span>
+<li class="toclevel-2"><a href="#skip"><span class="tocnumber">10.38</span>
<span class="toctext">skip</span></a></li>
-<li class="toclevel-2"><a href="#skipAfter"><span class="tocnumber">10.42</span>
+<li class="toclevel-2"><a href="#skipAfter"><span class="tocnumber">10.39</span>
<span class="toctext">skipAfter</span></a></li>
-<li class="toclevel-2"><a href="#status"><span class="tocnumber">10.43</span>
+<li class="toclevel-2"><a href="#status"><span class="tocnumber">10.40</span>
<span class="toctext">status</span></a></li>
-<li class="toclevel-2"><a href="#t"><span class="tocnumber">10.44</span>
+<li class="toclevel-2"><a href="#t"><span class="tocnumber">10.41</span>
<span class="toctext">t</span></a></li>
-<li class="toclevel-2"><a href="#tag"><span class="tocnumber">10.45</span>
+<li class="toclevel-2"><a href="#tag"><span class="tocnumber">10.42</span>
<span class="toctext">tag</span></a></li>
-<li class="toclevel-2"><a href="#ver"><span class="tocnumber">10.46</span>
- <span class="toctext">ver</span></a></li>
-<li class="toclevel-2"><a href="#xmlns"><span class="tocnumber">10.47</span>
+<li class="toclevel-2"><a href="#xmlns"><span class="tocnumber">10.43</span>
<span class="toctext">xmlns</span></a></li>
</ul>
</li>
@@ -759,67 +723,59 @@
<span class="toctext">beginsWith</span></a></li>
<li class="toclevel-2"><a href="#contains"><span class="tocnumber">11.2</span>
<span class="toctext">contains</span></a></li>
-<li class="toclevel-2"><a href="#containsWord"><span class="tocnumber">11.3</span>
- <span class="toctext">containsWord</span></a></li>
-<li class="toclevel-2"><a href="#endsWith"><span class="tocnumber">11.4</span>
+<li class="toclevel-2"><a href="#endsWith"><span class="tocnumber">11.3</span>
<span class="toctext">endsWith</span></a></li>
-<li class="toclevel-2"><a href="#eq"><span class="tocnumber">11.5</span>
+<li class="toclevel-2"><a href="#eq"><span class="tocnumber">11.4</span>
<span class="toctext">eq</span></a></li>
-<li class="toclevel-2"><a href="#ge"><span class="tocnumber">11.6</span>
+<li class="toclevel-2"><a href="#ge"><span class="tocnumber">11.5</span>
<span class="toctext">ge</span></a></li>
-<li class="toclevel-2"><a href="#geoLookup"><span class="tocnumber">11.7</span>
+<li class="toclevel-2"><a href="#geoLookup"><span class="tocnumber">11.6</span>
<span class="toctext">geoLookup</span></a></li>
-<li class="toclevel-2"><a href="#gsbLookup"><span class="tocnumber">11.8</span>
+<li class="toclevel-2"><a href="#gsbLookup"><span class="tocnumber">11.7</span>
<span class="toctext">gsbLookup</span></a></li>
-<li class="toclevel-2"><a href="#gt"><span class="tocnumber">11.9</span>
+<li class="toclevel-2"><a href="#gt"><span class="tocnumber">11.8</span>
<span class="toctext">gt</span></a></li>
-<li class="toclevel-2"><a href="#inspectFile"><span class="tocnumber">11.10</span>
+<li class="toclevel-2"><a href="#inspectFile"><span class="tocnumber">11.9</span>
<span class="toctext">inspectFile</span></a></li>
-<li class="toclevel-2"><a href="#ipMatch"><span class="tocnumber">11.11</span>
+<li class="toclevel-2"><a href="#ipMatch"><span class="tocnumber">11.10</span>
<span class="toctext">ipMatch</span></a></li>
-<li class="toclevel-2"><a href="#ipMatchF"><span class="tocnumber">11.12</span>
- <span class="toctext">ipMatchF</span></a></li>
-<li class="toclevel-2"><a href="#ipMatchFromFile"><span
-class="tocnumber">11.13</span> <span class="toctext">ipMatchFromFile</span></a></li>
-<li class="toclevel-2"><a href="#le"><span class="tocnumber">11.14</span>
+<li class="toclevel-2"><a href="#le"><span class="tocnumber">11.11</span>
<span class="toctext">le</span></a></li>
-<li class="toclevel-2"><a href="#lt"><span class="tocnumber">11.15</span>
+<li class="toclevel-2"><a href="#lt"><span class="tocnumber">11.12</span>
<span class="toctext">lt</span></a></li>
-<li class="toclevel-2"><a href="#pm"><span class="tocnumber">11.16</span>
+<li class="toclevel-2"><a href="#pm"><span class="tocnumber">11.13</span>
<span class="toctext">pm</span></a></li>
-<li class="toclevel-2"><a href="#pmf"><span class="tocnumber">11.17</span>
+<li class="toclevel-2"><a href="#pmf"><span class="tocnumber">11.14</span>
<span class="toctext">pmf</span></a></li>
-<li class="toclevel-2"><a href="#pmFromFile"><span class="tocnumber">11.18</span>
+<li class="toclevel-2"><a href="#pmFromFile"><span class="tocnumber">11.15</span>
<span class="toctext">pmFromFile</span></a></li>
-<li class="toclevel-2"><a href="#rbl"><span class="tocnumber">11.19</span>
+<li class="toclevel-2"><a href="#rbl"><span class="tocnumber">11.16</span>
<span class="toctext">rbl</span></a></li>
-<li class="toclevel-2"><a href="#rsub"><span class="tocnumber">11.20</span>
+<li class="toclevel-2"><a href="#rsub"><span class="tocnumber">11.17</span>
<span class="toctext">rsub</span></a></li>
-<li class="toclevel-2"><a href="#rx"><span class="tocnumber">11.21</span>
+<li class="toclevel-2"><a href="#rx"><span class="tocnumber">11.18</span>
<span class="toctext">rx</span></a></li>
-<li class="toclevel-2"><a href="#streq"><span class="tocnumber">11.22</span>
+<li class="toclevel-2"><a href="#streq"><span class="tocnumber">11.19</span>
<span class="toctext">streq</span></a></li>
-<li class="toclevel-2"><a href="#strmatch"><span class="tocnumber">11.23</span>
+<li class="toclevel-2"><a href="#strmatch"><span class="tocnumber">11.20</span>
<span class="toctext">strmatch</span></a></li>
<li class="toclevel-2"><a href="#validateByteRange"><span
-class="tocnumber">11.24</span> <span class="toctext">validateByteRange</span></a></li>
-<li class="toclevel-2"><a href="#validateDTD"><span class="tocnumber">11.25</span>
+class="tocnumber">11.21</span> <span class="toctext">validateByteRange</span></a></li>
+<li class="toclevel-2"><a href="#validateDTD"><span class="tocnumber">11.22</span>
<span class="toctext">validateDTD</span></a></li>
-<li class="toclevel-2"><a href="#validateEncryption"><span
-class="tocnumber">11.26</span> <span class="toctext">validateEncryption</span></a></li>
-<li class="toclevel-2"><a href="#validateSchema"><span class="tocnumber">11.27</span>
+<li class="toclevel-2"><a href="#validateSchema"><span class="tocnumber">11.23</span>
<span class="toctext">validateSchema</span></a></li>
<li class="toclevel-2"><a href="#validateUrlEncoding"><span
-class="tocnumber">11.28</span> <span class="toctext">validateUrlEncoding</span></a></li>
+class="tocnumber">11.24</span> <span class="toctext">validateUrlEncoding</span></a></li>
<li class="toclevel-2"><a href="#validateUtf8Encoding"><span
-class="tocnumber">11.29</span> <span class="toctext">validateUtf8Encoding</span></a></li>
-<li class="toclevel-2"><a href="#verifyCC"><span class="tocnumber">11.30</span>
+class="tocnumber">11.25</span> <span class="toctext">validateUtf8Encoding</span></a></li>
+<li class="toclevel-2"><a href="#verifyCC"><span class="tocnumber">11.26</span>
<span class="toctext">verifyCC</span></a></li>
-<li class="toclevel-2"><a href="#verifyCPF"><span class="tocnumber">11.31</span>
+<li class="toclevel-2"><a href="#verifyCPF"><span class="tocnumber">11.27</span>
<span class="toctext">verifyCPF</span></a></li>
-<li class="toclevel-2"><a href="#verifySSN"><span class="tocnumber">11.32</span>
+<li class="toclevel-2"><a href="#verifySSN"><span class="tocnumber">11.28</span>
<span class="toctext">verifySSN</span></a></li>
-<li class="toclevel-2"><a href="#within"><span class="tocnumber">11.33</span>
+<li class="toclevel-2"><a href="#within"><span class="tocnumber">11.29</span>
<span class="toctext">within</span></a></li>
</ul>
</li>
@@ -848,9 +804,9 @@
<a name="ModSecurity.C2.AE_Reference_Manual"
id="ModSecurity.C2.AE_Reference_Manual"></a><h1> <span
class="mw-headline"> ModSecurity® Reference Manual </span></h1>
-<a name="Current_as_of_v2.5.13_v2.6_and_v2.7"
-id="Current_as_of_v2.5.13_v2.6_and_v2.7"></a><h2> <span
-class="mw-headline"> Current as of v2.5.13 v2.6 and v2.7 </span></h2>
+<a name="Current_as_of_v2.5.13_and_v2.6"
+id="Current_as_of_v2.5.13_and_v2.6"></a><h2> <span class="mw-headline">
+Current as of v2.5.13 and v2.6 </span></h2>
<a name="Copyright_.C2.A9_2004-2011_Trustwave_Holdings.2C_Inc."
id="Copyright_.C2.A9_2004-2011_Trustwave_Holdings.2C_Inc."></a><h3> <span
class="mw-headline"> Copyright © 2004-2011 <a
@@ -1243,18 +1199,6 @@
title="http://www.modsecurity.org/documentation/ModSecurity-Migration-Matrix.pdf"
rel="nofollow">http://www.modsecurity.org/documentation/ModSecurity-Migration-Matrix.pdf</a>
</dd></dl>
-<dl><dd> Starting with ModSecurity 2.7.0 there are a few important
-configuration options
-</dd></dl>
-<ol><li><b>--enable-pcre-jit</b> - Enables JIT support from pcre >=
-8.20 that can improve regex performance.
-</li><li><b>--enable-cache-lua</b> - Enables lua vm caching that can
-improve lua script performance. Difference just appears if ModSecurity
-must run more than one script per transaction.
-</li><li><b>--enable-request-early</b> - On ModSecuricy 2.6 phase one
-has been moved to phase 2 hook, if you want to play around it use this
-option.
-</li></ol>
<a name="Configuration_Directives" id="Configuration_Directives"></a><h1>
<span class="mw-headline"> Configuration Directives </span></h1>
<p>The following section outlines all of the ModSecurity directives.
@@ -1301,7 +1245,7 @@
for application/x-www-form- urlencoded content.
</p><p><b>Syntax:</b> <code>SecArgumentSeparator character</code>
</p><p><b>Default:</b> &
-</p><p><b>Scope:</b> Main(< 2.7.0), Any(2.7.0)
+</p><p><b>Scope:</b> Main
</p><p><b>Version:</b> 2.0.0
</p><p>This directive is needed if a backend web application is using a
nonstandard argument separator. Applications are sometimes (very rarely)
@@ -1728,7 +1672,7 @@
frontend compression enabled.
</p><p><b>Syntax:</b> <code>SecDisableBackendCompression On|Off </code>
</p><p><b>Scope:</b> Any
-</p><p><b>Version:</b> 2.6.0
+</p><p><b>Version:</b> Development trunk
</p><p><b>Default:</b> Off
</p><p>This directive is necessary in reverse proxy mode when the
backend servers support response compression, but you wish to inspect
@@ -1737,100 +1681,6 @@
directive is not necessary in embedded mode, because ModSecurity
performs inspection before response compression takes place.
</p>
-<a name="SecEncryptionEngine" id="SecEncryptionEngine"></a><h2> <span
-class="mw-headline"> SecEncryptionEngine </span></h2>
-<p><b>Description:</b> Configures the encryption engine.
-</p><p><b>Syntax:</b> <code>SecEncryptionEngine On|Off</code>
-</p><p><b>Example Usage:</b> <code>SecEncryptionEngine On </code>
-</p><p><b>Scope</b>: Any
-</p><p><b>Version:</b> 2.7
-</p><p><b>Default:</b> Off
-</p><p>The possible values are:
-</p>
-<ul><li><b>On</b>: Encryption engine can process the request/response
-data.
-</li><li><b>Off</b>: Encryption engine will not process any data.
-</li></ul>
-<dl><dt> Note </dt><dd> Users must enable stream output variables
-and content injection.
-</dd></dl>
-<a name="SecEncryptionKey" id="SecEncryptionKey"></a><h2> <span
-class="mw-headline"> SecEncryptionKey </span></h2>
-<p><b>Description:</b> Define the key that will be used by HMAC.
-</p><p><b>Syntax:</b> <code>SecEncryptionKey rand|TEXT
-KeyOnly|SessionID|RemoteIP</code>
-</p><p><b>Example Usage:</b> <code>SecEncryptionKey "this_is_my_key"
-KeyOnly</code>
-</p><p><b>Scope</b>: Any
-</p><p><b>Version:</b> 2.7
-</p><p>ModSecurity encryption engine will append, if specified, the
-user's session id or remote ip to the key before the MAC operation. If
-the first parameter is "rand" then a random key will be generated and
-used by the engine.
-</p><p><br>
-</p>
-<a name="SecEncryptionParam" id="SecEncryptionParam"></a><h2> <span
-class="mw-headline"> SecEncryptionParam </span></h2>
-<p><b>Description:</b> Define the parameter name that will receive the
-MAC hash.
-</p><p><b>Syntax:</b> <code>SecEncryptionParam TEXT</code>
-</p><p><b>Example Usage:</b> <code>SecEncryptionKey "hmac"</code>
-</p><p><b>Scope</b>: Any
-</p><p><b>Version:</b> 2.7
-</p><p>ModSecurity encryption engine will add a new parameter to
-protected HTML elements containing the MAC hash.
-</p>
-<a name="SecEncryptionMethodRx" id="SecEncryptionMethodRx"></a><h2> <span
- class="mw-headline"> SecEncryptionMethodRx </span></h2>
-<p><b>Description:</b> Configures what kind of HTML data the encryption
-engine should sign based on regular expression.
-</p><p><b>Syntax:</b> <code>SecEncryptionMethodRx TYPE REGEX</code>
-</p><p><b>Example Usage</b>: <code>SecEncryptionMethodRx HashHref
-"product_info|list_product"</code>
-</p><p><b>Scope:</b> Any
-</p><p><b>Version:</b> 2.7.0
-</p><p>As a initial support is possible to protect HREF, FRAME, IFRAME
-and FORM ACTION html elements as well response Location header when http
- redirect code are sent.
-</p><p>The possible values for TYPE are:
-</p>
-<ul><li><b>HashHref</b>: Used to sign href= html elements
-</li><li><b>HashFormAction</b>: Used to sign form action= html elements
-</li><li><b>HashIframeSrc</b>: Used to sign iframe src= html elements
-</li><li><b>HashframeSrc</b>: Used to sign frame src= html elements
-</li><li><b>HashLocation</b>: Used to sign Location response header
-</li></ul>
-<dl><dt> Note </dt><dd> This directive is used to sign the elements
- however user must use the @validateEncryption operator to enforce data
-integrity.
-</dd></dl>
-<p><br>
-</p>
-<a name="SecEncryptionMethodPm" id="SecEncryptionMethodPm"></a><h2> <span
- class="mw-headline"> SecEncryptionMethodPm </span></h2>
-<p><b>Description:</b> Configures what kind of HTML data the encryption
-engine should sign based on string search algoritm.
-</p><p><b>Syntax:</b> <code>SecEncryptionMethodRx TYPE "string1 string2
-string3..."</code>
-</p><p><b>Example Usage</b>: <code>SecEncryptionMethodRx HashHref
-"product_info list_product"</code>
-</p><p><b>Scope:</b> Any
-</p><p><b>Version:</b> 2.7.0
-</p><p>As a initial support is possible to protect HREF, FRAME, IFRAME
-and FORM ACTION html elements as well response Location header when http
- redirect code are sent.
-</p><p>The possible values for TYPE are:
-</p>
-<ul><li><b>HashHref</b>: Used to sign href= html elements
-</li><li><b>HashFormAction</b>: Used to sign form action= html elements
-</li><li><b>HashIframeSrc</b>: Used to sign iframe src= html elements
-</li><li><b>HashframeSrc</b>: Used to sign frame src= html elements
-</li><li><b>HashLocation</b>: Used to sign Location response header
-</li></ul>
-<dl><dt> Note </dt><dd> This directive is used to sign the elements
- however user must use the @validateEncryption operator to enforce data
-integrity.
-</dd></dl>
<a name="SecGeoLookupDb" id="SecGeoLookupDb"></a><h2> <span
class="mw-headline"> SecGeoLookupDb </span></h2>
<p><b>Description</b>: Defines the path to the database that will be
@@ -1860,11 +1710,9 @@
autonumber" title="http://code.google.com/apis/safebrowsing/"
rel="nofollow">[3]</a>.
</p>
-<dl><dt> Note </dt><dd> Deprecated in 2.7.0 after Google dev team
-decided to not allow the database download anymore. After registering
-and obtaining a Safe Browsing API key, you can automatically download
-the GSB using a tool like wget (where <i><b>KEY</b></i> is your own API
-key):
+<dl><dt> Note </dt><dd> After registering and obtaining a Safe
+Browsing API key, you can automatically download the GSB using a tool
+like wget (where <i><b>KEY</b></i> is your own API key):
</dd></dl>
<p><code>wget <a
href="http://sb.google.com/safebrowsing/update?client=api&apikey=KEY&version=goog-malware-hash:1:-1"
@@ -2081,15 +1929,6 @@
title="http://blog.spiderlabs.com/2010/11/advanced-topic-of-the-week-mitigating-slow-http-dos-attacks.html"
rel="nofollow">http://blog.spiderlabs.com/2010/11/advanced-topic-of-the-week-mitigating-slow-http-dos-attacks.html</a>
</p>
-<a name="SecSensorId" id="SecSensorId"></a><h2> <span
-class="mw-headline"> SecSensorId </span></h2>
-<p><b>Description:</b> Define a sensor ID that will be present into log
-part H.
-</p><p><b>Syntax:</b> <code>SecSensorId TEXT </code>
-</p><p><b>Example Usage</b>: <code>SecSensorId WAFSensor01 </code>
-</p><p><b>Scope</b>: Main
-</p><p><b>Version</b>: 2.7.0
-</p>
<a name="SecWriteStateLimit" id="SecWriteStateLimit"></a><h2> <span
class="mw-headline"> SecWriteStateLimit </span></h2>
<p><b>Description:</b> Establishes a per-IP address limit of how many
@@ -2348,16 +2187,6 @@
</li><li><b>DetectionOnly</b>: process rules but never executes any
disruptive actions (block, deny, drop, allow, proxy and redirect)
</li></ul>
-<a name="SecRulePerfTime" id="SecRulePerfTime"></a><h2> <span
-class="mw-headline"> SecRulePerfTime </span></h2>
-<p><b>Description:</b> Set a performance threshold for rules. Rules that
- spends too much time will be logged into audit log Part H in the format
- id=usec.
-</p><p><b>Syntax:</b> <code>SecRulePerfTime USECS </code>
-</p><p><b>Example Usage:</b> <code>SecRulePerfTime 1000 </code>
-</p><p><b>Scope:</b> Any
-</p><p><b>Version:</b> 2.7
-</p>
<a name="SecRuleRemoveById" id="SecRuleRemoveById"></a><h2> <span
class="mw-headline"> SecRuleRemoveById </span></h2>
<p><b>Description:</b> Removes the matching rules from the current
@@ -2561,7 +2390,7 @@
</p><p><b>Version:</b> 2.6
</p><p>This directive will append (or replace) variables to the current
target list of the specified rule with the targets provided in the
-second parameter. Starting with 2.7.0 this feature supports id range.
+second parameter.
</p><p><b>Explicitly Appending Targets</b>
</p><p>This is useful for implementing exceptions where you want to
externally update a target list to exclude inspection of specific
@@ -2610,107 +2439,6 @@
</p>
<pre>SecRule REQUEST_FILENAME "@streq /path/to/file.php" "phase:1,t:none,nolog,pass,ctl:ruleUpdateTargetById=958895;REQUEST_URI;REQUEST_FILENAME"
</pre>
-<dl><dt> Note </dt><dd> This ctl is deprecated and will be removed
-from the code, since we cannot use it per-transaction.
-</dd></dl>
-<a name="SecRuleUpdateTargetByMsg" id="SecRuleUpdateTargetByMsg"></a><h2>
- <span class="mw-headline"> SecRuleUpdateTargetByMsg </span></h2>
-<p><b>Description:</b> Updates the target (variable) list of the
-specified rule by rule message.
-</p><p><b>Syntax:</b> <code>SecRuleUpdateTargetByMsg TEXT
-TARGET1[,TARGET2,TARGET3] REPLACED_TARGET</code>
-</p><p><b>Example Usage:</b> <code>SecRuleUpdateTargetByMsg "Cross-site
-Scripting (XSS) Attack" "!ARGS:foo"</code>
-</p><p><b>Scope:</b> Any
-</p><p><b>Version:</b> 2.7
-</p><p>This directive will append (or replace) variables to the current
-target list of the specified rule with the targets provided in the
-second parameter.
-</p><p><b>Explicitly Appending Targets</b>
-</p><p>This is useful for implementing exceptions where you want to
-externally update a target list to exclude inspection of specific
-variable(s).
-</p>
-<pre>SecRule REQUEST_FILENAME|ARGS_NAMES|ARGS|XML:/* "[\;\|\`]\W*?\bmail\b" \
- "phase:2,rev:'2.1.1',capture,t:none,t:htmlEntityDecode,t:compressWhitespace,t:lowercase,ctl:auditLogParts=+E,block,msg:'System Command Injection',id:'958895',tag:'WEB_ATTACK/COMMAND_INJECTION',tag:'WASCTC/WASC-31',tag:'OWASP_TOP_10/A1',tag:'PCI/6.5.2',logdata:'%{TX.0}',severity:'2',setvar:'tx.msg=%{rule.msg}',setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.command_injection_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-WEB_ATTACK/COMMAND_INJECTION-%{matched_var_name}=%
-{tx.0}"
-
-SecRuleUpdateTargetByMsg "System Command Injection" !ARGS:email
-</pre>
-<p>The effective resulting rule in the previous example will append the
-target to the end of the variable list as follows:
-</p>
-<pre>SecRule REQUEST_FILENAME|ARGS_NAMES|ARGS|XML:/*|!ARGS:email "[\;\|\`]\W*?\bmail\b" \
- "phase:2,rev:'2.1.1',capture,t:none,t:htmlEntityDecode,t:compressWhitespace,t:lowercase,ctl:auditLogParts=+E,block,msg:'System Command Injection',id:'958895',tag:'WEB_ATTACK/COMMAND_INJECTION',tag:'WASCTC/WASC-31',tag:'OWASP_TOP_10/A1',tag:'PCI/6.5.2',logdata:'%{TX.0}',severity:'2',setvar:'tx.msg=%{rule.msg}',setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.command_injection_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-WEB_ATTACK/COMMAND_INJECTION-%{matched_var_name}=%
-{tx.0}""
-</pre>
-<p><b>Explicitly Replacing Targets</b>
-</p><p>You can also entirely replace the target list to something more
-appropriate for your environment. For example, lets say you want to
-inspect REQUEST_URI instead of REQUEST_FILENAME, you could do this:
-</p>
-<pre>SecRule REQUEST_FILENAME|ARGS_NAMES|ARGS|XML:/* "[\;\|\`]\W*?\bmail\b" \
- "phase:2,rev:'2.1.1',capture,t:none,t:htmlEntityDecode,t:compressWhitespace,t:lowercase,ctl:auditLogParts=+E,block,msg:'System Command Injection',id:'958895',tag:'WEB_ATTACK/COMMAND_INJECTION',tag:'WASCTC/WASC-31',tag:'OWASP_TOP_10/A1',tag:'PCI/6.5.2',logdata:'%{TX.0}',severity:'2',setvar:'tx.msg=%{rule.msg}',setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.command_injection_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-WEB_ATTACK/COMMAND_INJECTION-%{matched_var_name}=%
-{tx.0}"
-
-SecRuleUpdateTargetByMsg "System Command Injection" REQUEST_URI REQUEST_FILENAME
-</pre>
-<p>The effective resulting rule in the previous example will append the
-target to the end of the variable list as follows:
-</p>
-<pre>SecRule REQUEST_URI|ARGS_NAMES|ARGS|XML:/* "[\;\|\`]\W*?\bmail\b" \
- "phase:2,rev:'2.1.1',capture,t:none,t:htmlEntityDecode,t:compressWhitespace,t:lowercase,ctl:auditLogParts=+E,block,msg:'System Command Injection',id:'958895',tag:'WEB_ATTACK/COMMAND_INJECTION',tag:'WASCTC/WASC-31',tag:'OWASP_TOP_10/A1',tag:'PCI/6.5.2',logdata:'%{TX.0}',severity:'2',setvar:'tx.msg=%{rule.msg}',setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.command_injection_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-WEB_ATTACK/COMMAND_INJECTION-%{matched_var_name}=%
-{tx.0}""
-</pre>
-<a name="SecRuleUpdateTargetByTag" id="SecRuleUpdateTargetByTag"></a><h2>
- <span class="mw-headline"> SecRuleUpdateTargetByTag </span></h2>
-<p><b>Description:</b> Updates the target (variable) list of the
-specified rule by rule tag.
-</p><p><b>Syntax:</b> <code>SecRuleUpdateTargetByTag TEXT
-TARGET1[,TARGET2,TARGET3] REPLACED_TARGET</code>
-</p><p><b>Example Usage:</b> <code>SecRuleUpdateTargetByTag
-"WEB_ATTACK/XSS" "!ARGS:foo"</code>
-</p><p><b>Scope:</b> Any
-</p><p><b>Version:</b> 2.7
-</p><p>This directive will append (or replace) variables to the current
-target list of the specified rule with the targets provided in the
-second parameter.
-</p><p><b>Explicitly Appending Targets</b>
-</p><p>This is useful for implementing exceptions where you want to
-externally update a target list to exclude inspection of specific
-variable(s).
-</p>
-<pre>SecRule REQUEST_FILENAME|ARGS_NAMES|ARGS|XML:/* "[\;\|\`]\W*?\bmail\b" \
- "phase:2,rev:'2.1.1',capture,t:none,t:htmlEntityDecode,t:compressWhitespace,t:lowercase,ctl:auditLogParts=+E,block,msg:'System Command Injection',id:'958895',tag:'WEB_ATTACK/COMMAND_INJECTION',tag:'WASCTC/WASC-31',tag:'OWASP_TOP_10/A1',tag:'PCI/6.5.2',logdata:'%{TX.0}',severity:'2',setvar:'tx.msg=%{rule.msg}',setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.command_injection_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-WEB_ATTACK/COMMAND_INJECTION-%{matched_var_name}=%
-{tx.0}"
-
-SecRuleUpdateTargetByTag "WASCTC/WASC-31" !ARGS:email
-</pre>
-<p>The effective resulting rule in the previous example will append the
-target to the end of the variable list as follows:
-</p>
-<pre>SecRule REQUEST_FILENAME|ARGS_NAMES|ARGS|XML:/*|!ARGS:email "[\;\|\`]\W*?\bmail\b" \
- "phase:2,rev:'2.1.1',capture,t:none,t:htmlEntityDecode,t:compressWhitespace,t:lowercase,ctl:auditLogParts=+E,block,msg:'System Command Injection',id:'958895',tag:'WEB_ATTACK/COMMAND_INJECTION',tag:'WASCTC/WASC-31',tag:'OWASP_TOP_10/A1',tag:'PCI/6.5.2',logdata:'%{TX.0}',severity:'2',setvar:'tx.msg=%{rule.msg}',setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.command_injection_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-WEB_ATTACK/COMMAND_INJECTION-%{matched_var_name}=%
-{tx.0}""
-</pre>
-<p><b>Explicitly Replacing Targets</b>
-</p><p>You can also entirely replace the target list to something more
-appropriate for your environment. For example, lets say you want to
-inspect REQUEST_URI instead of REQUEST_FILENAME, you could do this:
-</p>
-<pre>SecRule REQUEST_FILENAME|ARGS_NAMES|ARGS|XML:/* "[\;\|\`]\W*?\bmail\b" \
- "phase:2,rev:'2.1.1',capture,t:none,t:htmlEntityDecode,t:compressWhitespace,t:lowercase,ctl:auditLogParts=+E,block,msg:'System Command Injection',id:'958895',tag:'WEB_ATTACK/COMMAND_INJECTION',tag:'WASCTC/WASC-31',tag:'OWASP_TOP_10/A1',tag:'PCI/6.5.2',logdata:'%{TX.0}',severity:'2',setvar:'tx.msg=%{rule.msg}',setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.command_injection_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-WEB_ATTACK/COMMAND_INJECTION-%{matched_var_name}=%
-{tx.0}"
-
-SecRuleUpdateTargetByTag "WASCTC/WASC-31" REQUEST_URI REQUEST_FILENAME
-</pre>
-<p>The effective resulting rule in the previous example will append the
-target to the end of the variable list as follows:
-</p>
-<pre>SecRule REQUEST_URI|ARGS_NAMES|ARGS|XML:/* "[\;\|\`]\W*?\bmail\b" \
- "phase:2,rev:'2.1.1',capture,t:none,t:htmlEntityDecode,t:compressWhitespace,t:lowercase,ctl:auditLogParts=+E,block,msg:'System Command Injection',id:'958895',tag:'WEB_ATTACK/COMMAND_INJECTION',tag:'WASCTC/WASC-31',tag:'OWASP_TOP_10/A1',tag:'PCI/6.5.2',logdata:'%{TX.0}',severity:'2',setvar:'tx.msg=%{rule.msg}',setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.command_injection_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-WEB_ATTACK/COMMAND_INJECTION-%{matched_var_name}=%
-{tx.0}""
-</pre>
<a name="SecServerSignature" id="SecServerSignature"></a><h2> <span
class="mw-headline"> SecServerSignature </span></h2>
<p><b>Description:</b> Instructs ModSecurity to change the data
@@ -2917,7 +2645,7 @@
<p>Below is a diagram of the standard Apache Request Cycle. In the
diagram, the 5 ModSecurity processing phases are shown.
</p><p><a
-href="https://sourceforge.net/apps/mediawiki/mod-security/index.php?title=File:Apache_request_cycle-modsecurity.jpg"
+href="http://sourceforge.net/apps/mediawiki/mod-security/index.php?title=File:Apache_request_cycle-modsecurity.jpg"
class="image" title="Apache request cycle-modsecurity.jpg"><img alt=""
src="Reference_Manual_files/600px-Apache_request_cycle-modsecurity.jpg"
height="459" width="600" border="0"></a>
@@ -3108,9 +2836,6 @@
<p>Contains the number of milliseconds elapsed since the beginning of
the current transaction. Available starting with 2.6.0.
</p>
-<dl><dt> Note </dt><dd> Starting with ModSecurity 2.7.0 the time is
- microseconds.
-</dd></dl>
<a name="ENV" id="ENV"></a><h2> <span class="mw-headline"> ENV </span></h2>
<p>Collection that provides access to environment variables set by
ModSecurity. Requires a single parameter to specify the name of the
@@ -3385,12 +3110,6 @@
<p>Contains the time, in microseconds, spent processing phase 5.
Available starting with 2.6.
</p>
-<a name="PERF_RULES" id="PERF_RULES"></a><h2> <span class="mw-headline">
- PERF_RULES </span></h2>
-<p>Contains the time of rules, in microseconds. Available starting with
-2.7.
-</p><p><code>SecRule PERF_RULES "@gt 1000" "id:12345,phase:5"</code>
-</p>
<a name="PERF_SREAD" id="PERF_SREAD"></a><h2> <span class="mw-headline">
PERF_SREAD </span></h2>
<p>Contains the time, in microseconds, spent reading from persistent
@@ -3898,12 +3617,6 @@
# Is the current user the administrator?
SecRule USERID "admin"
</pre>
-<a name="USERAGENT_IP" id="USERAGENT_IP"></a><h2> <span
-class="mw-headline"> USERAGENT_IP </span></h2>
-<p>This variable is created when running modsecurity with apache2.4 and
-will contains the client ip address set by mod_remoteip in proxied
-connections.
-</p>
<a name="WEBAPPID" id="WEBAPPID"></a><h2> <span class="mw-headline">
WEBAPPID </span></h2>
<p>This variable contains the current application name, which is set in
@@ -4270,7 +3983,7 @@
<dl><dt> Note </dt><dd> <b>Disruptive actions will NOT be executed
if the SecRuleEngine is set to DetectionOnly</b>. If you are creating
exception/whitelisting rules that use the allow action, you should also
-add the ctl:ruleEngine=On action to execute the action.
+add the ctl:ruleEngine=DetectionOnly action to execute the action.
</dd></dl>
<ul><li> <b>Non-disruptive action</b>s - Do something, but that
something does not and cannot affect the rule processing flow. Setting a
@@ -4287,20 +4000,6 @@
action holds the status that will be used for blocking (if it takes
place).
</li></ul>
-<a name="accuracy" id="accuracy"></a><h2> <span class="mw-headline">
-accuracy </span></h2>
-<p><b>Description:</b> Specifies the relative accuracy level of the rule
- related to false positives/negatives. The value is a string based on a
- numeric scale (1-9 where 9 is very strong and 1 has many false
-positives).
-</p><p><b>Action Group:</b> Meta-data
-</p><p><b>Version:</b> 2.7
-</p><p><b>Example:</b>
-</p>
-<pre>SecRule REQUEST_FILENAME|ARGS_NAMES|ARGS|XML:/* "\bgetparentfolder\b" \
- "phase:2,ver:'CRS/2.2.4,accuracy:'9',maturity:'9',capture,t:none,t:htmlEntityDecode,t:compressWhiteSpace,t:lowercase,ctl:auditLogParts=+E,block,msg:'Cross-site Scripting (XSS) Attack',id:'958016',tag:'WEB_ATTACK/XSS',tag:'WASCTC/WASC-8',tag:'WASCTC/WASC-22',tag:'OWASP_TOP_10/A2',tag:'OWASP_AppSensor/IE1',tag:'PCI/6.5.1',logdata:'% \
-{TX.0}',severity:'2',setvar:'tx.msg=%{rule.msg}',setvar:tx.xss_score=+%{tx.critical_anomaly_score},setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-WEB_ATTACK/XSS-%{matched_var_name}=%{tx.0}"
-</pre>
<a name="allow" id="allow"></a><h2> <span class="mw-headline"> allow </span></h2>
<p><b>Description:</b> Stops rule processing on a successful match and
allows the transaction to proceed.
@@ -4496,13 +4195,7 @@
</li><li><b>ruleRemoveById</b> - since this action us triggered at run
time, it should be specified <b>before</b> the rule in which it is
disabling.
-</li><li><b>ruleUpdateTargetById</b> - This is deprecated and will be
-removed from the code. Use ruleRemoveTargetById for per-request
-exceptions.
-</li><li><b>ruleRemoveTargetById</b>
-</li><li><b>ruleRemoveByMsg</b>
-</li><li><b>encryptionEngine</b>
-</li><li><b>encryptionEnforcement</b>
+</li><li><b>ruleUpdateTargetById</b>
</li></ol>
<p>With the exception of the requestBodyProcessor and
forceRequestBodyVariable settings, each configuration option corresponds
@@ -4611,8 +4304,7 @@
</p>
<a name="id" id="id"></a><h2> <span class="mw-headline"> id </span></h2>
<p><b>Description</b>: Assigns a unique ID to the rule or chain in which
- it appears. Starting with ModSecurity 2.7 this action is mandatory and
-must be numeric.
+ it appears.
</p><p><b>Action Group:</b> Meta-data
</p><p><b>Example:</b>
</p>
@@ -4632,22 +4324,14 @@
href="http://projects.otaku42.de/wiki/Scally-Whack" class="external
autonumber" title="http://projects.otaku42.de/wiki/Scally-Whack"
rel="nofollow">[9]</a>
-</li><li>430,000–439,999: reserved for rules published by Flameeyes <a
-href="http://www.flameeyes.eu/projects/modsec" class="external
-autonumber" title="http://www.flameeyes.eu/projects/modsec"
-rel="nofollow">[10]</a>
-</li><li>440.000-599,999: unused (available for reservation)
-</li><li>600,000-699,999: reserved for use by Akamai <a
-href="http://www.akamai.com/html/solutions/waf.html" class="external
-autonumber" title="http://www.akamai.com/html/solutions/waf.html"
-rel="nofollow">[11]</a>
+</li><li>430,000–699,999: unused (available for reservation)
</li><li>700,000–799,999: reserved for Ivan Ristic
</li><li>900,000–999,999: reserved for the OWASP ModSecurity Core Rule
Set <a
href="http://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project"
class="external autonumber"
title="http://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project"
- rel="nofollow">[12]</a> project
+ rel="nofollow">[10]</a> project
</li><li>1,000,000-1,999,999: unused (available for reservation)
</li><li>2,000,000-2,999,999: reserved for rules from Trustwave's
SpiderLabs Research team
@@ -4693,21 +4377,6 @@
as %{TX.0} or %{MATCHED_VAR}. The information is properly
escaped for use with logging of binary data.
</p>
-<a name="maturity" id="maturity"></a><h2> <span class="mw-headline">
-maturity </span></h2>
-<p><b>Description:</b> Specifies the relative maturity level of the rule
- related to the length of time a rule has been public and the amount of
-testing it has received. The value is a string based on a numeric scale
- (1-9 where 9 is extensively tested and 1 is a brand new experimental
-rule).
-</p><p><b>Action Group:</b> Meta-data
-</p><p><b>Version:</b> 2.7
-</p><p><b>Example:</b>
-</p>
-<pre>SecRule REQUEST_FILENAME|ARGS_NAMES|ARGS|XML:/* "\bgetparentfolder\b" \
- "phase:2,ver:'CRS/2.2.4,accuracy:'9',maturity:'9',capture,t:none,t:htmlEntityDecode,t:compressWhiteSpace,t:lowercase,ctl:auditLogParts=+E,block,msg:'Cross-site Scripting (XSS) Attack',id:'958016',tag:'WEB_ATTACK/XSS',tag:'WASCTC/WASC-8',tag:'WASCTC/WASC-22',tag:'OWASP_TOP_10/A2',tag:'OWASP_AppSensor/IE1',tag:'PCI/6.5.1',logdata:'% \
-{TX.0}',severity:'2',setvar:'tx.msg=%{rule.msg}',setvar:tx.xss_score=+%{tx.critical_anomaly_score},setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-WEB_ATTACK/XSS-%{matched_var_name}=%{tx.0}"
-</pre>
<a name="msg" id="msg"></a><h2> <span class="mw-headline"> msg </span></h2>
<p><b>Description:</b> Assigns a custom message to the rule or chain in
which it appears. The message will be logged along with every alert.
@@ -4786,8 +4455,7 @@
</pre>
<a name="pause" id="pause"></a><h2> <span class="mw-headline"> pause </span></h2>
<p><b>Description:</b> Pauses transaction processing for the specified
-number of milliseconds. Starting with ModSecurity 2.7 this feature also
-supports macro expansion.
+number of milliseconds.
</p><p><b>Action Group:</b> Non-disruptive
</p><p><b>Example:</b>
</p>
@@ -4810,17 +4478,6 @@
<pre># Initialize IP address tracking in phase 1
SecAction phase:1,nolog,pass,initcol:IP=%{REMOTE_ADDR}
</pre>
-<p>Starting in ModSecurity version v2.7 there are aliases for some phase
- numbers:
-</p>
-<ul><li><b>2 - request</b>
-</li><li><b>4 - response</b>
-</li><li><b>5 - logging</b>
-</li></ul>
-<p><b>Example:</b>
-</p>
-<pre>SecRule REQUEST_HEADERS:User-Agent "Test" "phase:request,log,deny"
-</pre>
<dl><dt> Warning </dt><dd> Keep in mind that if you specify the
incorrect phase, the variable used in the rule may not yet be available.
This could lead to a false negative situation where your variable and
@@ -5027,17 +4684,6 @@
application namespaces (configured using SecWebAppId), and will use one
if it is configured.
</p>
-<a name="setrsc" id="setrsc"></a><h2> <span class="mw-headline"> setrsc </span></h2>
-<p><b>Description:</b> Special-purpose action that initializes the
-RESOURCE collection using a key provided as parameter.
-</p><p><b>Action Group:</b> Non-disruptive
-</p><p><b>Example:</b>
-</p>
-<pre>SecAction "phase:1,pass,id:3,log,setrsc:'abcd1234'"
-</pre>
-<p>This action understands application namespaces (configured using
-SecWebAppId), and will use one if it is configured.
-</p>
<a name="setsid" id="setsid"></a><h2> <span class="mw-headline"> setsid </span></h2>
<p><b>Description:</b> Special-purpose action that initializes the
SESSION collection using the session token provided as parameter.
@@ -5184,16 +4830,6 @@
slashes to create a hierarchy of categories (as in the example). Since
ModSecurity 2.6.0 tag supports macro expansion.
</p>
-<a name="ver" id="ver"></a><h2> <span class="mw-headline"> ver </span></h2>
-<p><b>Description:</b> Specifies the rule set version.
-</p><p><b>Action Group:</b> Meta-data
-</p><p><b>Version:</b> 2.7
-</p><p><b>Example:</b>
-</p>
-<pre>SecRule REQUEST_FILENAME|ARGS_NAMES|ARGS|XML:/* "\bgetparentfolder\b" \
- "phase:2,ver:'CRS/2.2.4,capture,t:none,t:htmlEntityDecode,t:compressWhiteSpace,t:lowercase,ctl:auditLogParts=+E,block,msg:'Cross-site Scripting (XSS) Attack',id:'958016',tag:'WEB_ATTACK/XSS',tag:'WASCTC/WASC-8',tag:'WASCTC/WASC-22',tag:'OWASP_TOP_10/A2',tag:'OWASP_AppSensor/IE1',tag:'PCI/6.5.1',logdata:'% \
-{TX.0}',severity:'2',setvar:'tx.msg=%{rule.msg}',setvar:tx.xss_score=+%{tx.critical_anomaly_score},setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-WEB_ATTACK/XSS-%{matched_var_name}=%{tx.0}"
-</pre>
<a name="xmlns" id="xmlns"></a><h2> <span class="mw-headline"> xmlns </span></h2>
<p><b>Description:</b> Configures an XML namespace, which will be used
in the execution of XPath expressions.
@@ -5229,24 +4865,6 @@
<pre># Detect ".php" anywhere in the request line
SecRule REQUEST_LINE "@contains .php"
</pre>
-<a name="containsWord" id="containsWord"></a><h2> <span
-class="mw-headline"> containsWord </span></h2>
-<p><b>Description:</b> Returns true if the parameter string (with word
-boundaries) is found anywhere in the input. Macro expansion is performed
- on the parameter string before comparison.
-</p><p><b>Example:</b>
-</p>
-<pre># Detect "select" anywhere in ARGS
-SecRule ARGS "@containsWord select"
-</pre>
-<p>Would match on - <br>
--1 union <b>select</b>
-BENCHMARK(2142500,MD5(CHAR(115,113,108,109,97,112))) FROM wp_users WHERE
- ID=1 and (ascii(substr(user_login,1,1))&0x01=0) from wp_users where
- ID=1--
-</p><p>But not on - <br>
-Your site has a wide <b>select</b>ion of computers.
-</p>
<a name="endsWith" id="endsWith"></a><h2> <span class="mw-headline">
endsWith </span></h2>
<p><b>Description:</b> Returns true if the parameter string is found at
@@ -5349,7 +4967,7 @@
href="http://mod-security.svn.sourceforge.net/viewvc/mod-security/crs/trunk/util/"
class="external autonumber"
title="http://mod-security.svn.sourceforge.net/viewvc/mod-security/crs/trunk/util/"
- rel="nofollow">[13]</a> that allows the file approval mechanism to
+ rel="nofollow">[11]</a> that allows the file approval mechanism to
integrate with the ClamAV virus scanner. This is especially handy to
prevent viruses and exploits from entering the web server through file
upload.
@@ -5447,31 +5065,6 @@
</p>
<pre>SecRule REMOTE_ADDR "@ipMatch 192.168.1.100,192.168.1.50,10.10.50.0/24"
</pre>
-<a name="ipMatchF" id="ipMatchF"></a><h2> <span class="mw-headline">
-ipMatchF </span></h2>
-<p>short alias for ipMatchFromFile
-</p>
-<a name="ipMatchFromFile" id="ipMatchFromFile"></a><h2> <span
-class="mw-headline"> ipMatchFromFile </span></h2>
-<p><b>Description:</b> Performs a fast ipv4 or ipv6 match of REMOTE_ADDR
- variable, loading data from a file. Can handle the following formats:
-</p>
-<ul><li>Full IPv4 Address - 192.168.1.100
-</li><li>Network Block/CIDR Address - 192.168.1.0/24
-</li><li>Full IPv6 Address - 2001:db8:85a3:8d3:1319:8a2e:370:7348
-</li><li>Network Block/CIDR Address -
-2001:db8:85a3:8d3:1319:8a2e:370:0/24
-</li></ul>
-<p><b>Examples:</b>
-</p>
-<pre>SecRule REMOTE_ADDR "@ipMatch ips.txt"
-</pre>
-<p>The file ips.txt may contain:
-</p>
-<pre>192.168.0.1
-172.16.0.0/16
-10.0.0.0/8
-</pre>
<a name="le" id="le"></a><h2> <span class="mw-headline"> le </span></h2>
<p><b>Description:</b> Performs numerical comparison and returns true if
the input value is less than or equal to the operator parameter. Macro
@@ -5598,9 +5191,7 @@
<a name="rsub" id="rsub"></a><h2> <span class="mw-headline"> rsub </span></h2>
<p><b>Description</b>: Performs regular expression data substitution
when applied to either the STREAM_INPUT_BODY or STREAM_OUTPUT_BODY
-variables. This operator also supports macro expansion. Starting with
-ModSecurity 2.7.0 this operator supports the syntax |hex| allowing users
- to use special chars like \n \r
+variables. This operator also supports macro expansion.
</p><p><b>Syntax:</b> <code>@rsub s/regex/str/[id]</code>
</p><p><b>Examples:</b>
Removing HTML Comments from response bodies:
@@ -5614,7 +5205,7 @@
</dd></dl>
<p>Regular expressions are handled by the PCRE library <a
href="http://www.pcre.org/" class="external autonumber"
-title="http://www.pcre.org" rel="nofollow">[14]</a>. ModSecurity
+title="http://www.pcre.org" rel="nofollow">[12]</a>. ModSecurity
compiles its regular expressions with the following settings:
</p>
<ol><li>The entire input is treated as a single line, even when there
@@ -5652,7 +5243,7 @@
</pre>
<p>Regular expressions are handled by the PCRE library <a
href="http://www.pcre.org/" class="external autonumber"
-title="http://www.pcre.org" rel="nofollow">[15]</a>. ModSecurity
+title="http://www.pcre.org" rel="nofollow">[13]</a>. ModSecurity
compiles its regular expressions with the following settings:
</p>
<ol><li>The entire input is treated as a single line, even when there
@@ -5749,15 +5340,6 @@
# Validate XML payload against DTD
SecRule XML "@validateDTD /path/to/xml.dtd" "phase:2,deny,msg:'Failed DTD validation'"
</pre>
-<a name="validateEncryption" id="validateEncryption"></a><h2> <span
-class="mw-headline"> validateEncryption </span></h2>
-<p><b>Description:</b> Validates REQUEST_URI that contains data
-protected by the encryption engine.
-</p><p><b>Example:</b>
-</p>
-<pre># Validates requested URI that matches a regular expression.
-SecRule REQUEST_URI "@validateEncryption "product_info|product_list" "phase:1,deny,id:123456"
-</pre>
<a name="validateSchema" id="validateSchema"></a><h2> <span
class="mw-headline"> validateSchema </span></h2>
<p><b>Description:</b> Validates the XML DOM tree against the supplied
@@ -6233,16 +5815,16 @@
<!--
NewPP limit report
-Preprocessor node count: 793/1000000
+Preprocessor node count: 723/1000000
Post-expand include size: 0/2097152 bytes
Template argument size: 0/2097152 bytes
Expensive parser function count: 0/100
-->
-<!-- Saved in parser cache with key p_mod-security_mediawiki:pcache:idhash:12-0!1!0!!en!2!printable=1 and timestamp 20120723175510 -->
+<!-- Saved in parser cache with key p_mod-security_mediawiki:pcache:idhash:12-0!1!0!!en!2!edit=0!printable=1 and timestamp 20111219124748 -->
<div class="printfooter">
Retrieved from "<a
-href="https://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Reference_Manual">https://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Reference_Manual</a>"</div>
+href="http://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Reference_Manual">http://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Reference_Manual</a>"</div>
<!-- end content -->
<div class="visualClear"></div>
</div>
@@ -6255,30 +5837,18 @@
<ul>
<li id="ca-nstab-main" class="selected"><a
-href="https://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Reference_Manual"
+href="http://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Reference_Manual"
title="View the content page [alt-shift-c]" accesskey="c">Page</a></li>
<li id="ca-talk" class="new"><a
-href="https://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Talk:Reference_Manual&action=edit&redlink=1"
+href="http://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Talk:Reference_Manual&action=edit&redlink=1"
title="Discussion about the content page [alt-shift-t]" accesskey="t">Discussion</a></li>
- <li id="ca-edit"><a
-href="https://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Reference_Manual&action=edit"
- title="You can edit this page.
-Please use the preview button before saving [alt-shift-e]" accesskey="e">Edit</a></li>
+ <li id="ca-viewsource"><a
+href="http://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Reference_Manual&action=edit"
+ title="This page is protected.
+You can view its source [alt-shift-e]" accesskey="e">View source</a></li>
<li id="ca-history"><a
-href="https://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Reference_Manual&action=history"
+href="http://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Reference_Manual&action=history"
title="Past revisions of this page [alt-shift-h]" accesskey="h">History</a></li>
- <li id="ca-delete"><a
-href="https://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Reference_Manual&action=delete"
- title="Delete this page [alt-shift-d]" accesskey="d">Delete</a></li>
- <li id="ca-move"><a
-href="https://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Special:MovePage/Reference_Manual"
- title="Move this page [alt-shift-m]" accesskey="m">Move</a></li>
- <li id="ca-protect"><a
-href="https://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Reference_Manual&action=protect"
- title="Protect this page [alt-shift-=]" accesskey="=">Protect</a></li>
- <li id="ca-watch"><a
-href="https://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Reference_Manual&action=watch"
- title="Add this page to your watchlist [alt-shift-w]" accesskey="w">Watch</a></li>
</ul>
</div>
</div>
@@ -6288,24 +5858,6 @@
<table style="height: 4px;" rules="none" border="0" cellpadding="0"
cellspacing="0"></table>
<ul>
- <li id="pt-userpage"><a
-href="https://sourceforge.net/apps/mediawiki/mod-security/index.php?title=User:Brenosilva"
- title="Your user page [alt-shift-.]" accesskey="." class="new">Brenosilva</a></li>
- <li id="pt-mytalk"><a
-href="https://sourceforge.net/apps/mediawiki/mod-security/index.php?title=User_talk:Brenosilva"
- title="Your talk page [alt-shift-n]" accesskey="n" class="new">My talk</a></li>
- <li id="pt-preferences"><a
-href="https://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Special:Preferences"
- title="Your preferences">My preferences</a></li>
- <li id="pt-watchlist"><a
-href="https://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Special:Watchlist"
- title="The list of pages you are monitoring for changes [alt-shift-l]"
-accesskey="l">My watchlist</a></li>
- <li id="pt-mycontris"><a
-href="https://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Special:Contributions/Brenosilva"
- title="List of your contributions [alt-shift-y]" accesskey="y">My
-contributions</a></li>
- <li id="pt-logout"></li>
</ul>
</div>
</div>
@@ -6313,7 +5865,7 @@
<a style="background-image:
url("/apps/mediawiki/mod-security/nfs/project/m/mo/mod-security/7/70/MediaWikiSidebarLogo.png");"
-href="https://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Main_Page"
+href="http://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Main_Page"
title="Visit the main page [alt-shift-z]" accesskey="z"></a>
</div>
<script type="text/javascript"> if (window.isMSIE55) fixalpha(); </script>
@@ -6322,24 +5874,24 @@
<div class="pBody">
<ul>
<li id="n-mainpage-description"><a
-href="https://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Main_Page">Main
+href="http://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Main_Page">Main
Page</a></li>
<li id="n-portal"><a
-href="https://sourceforge.net/apps/mediawiki/mod-security/index.php?title=mod-security:Community_Portal"
+href="http://sourceforge.net/apps/mediawiki/mod-security/index.php?title=mod-security:Community_Portal"
title="About the project, what you can do, where to find things">Community
portal</a></li>
<li id="n-currentevents"><a
-href="https://sourceforge.net/apps/mediawiki/mod-security/index.php?title=mod-security:Current_events"
+href="http://sourceforge.net/apps/mediawiki/mod-security/index.php?title=mod-security:Current_events"
title="Find background information on current events">Current events</a></li>
<li id="n-recentchanges"><a
-href="https://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Special:RecentChanges"
+href="http://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Special:RecentChanges"
title="The list of recent changes in the wiki [alt-shift-r]"
accesskey="r">Recent changes</a></li>
<li id="n-randompage"><a
-href="https://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Special:Random"
+href="http://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Special:Random"
title="Load a random page [alt-shift-x]" accesskey="x">Random page</a></li>
<li id="n-help"><a
-href="https://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Help:Contents"
+href="http://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Help:Contents"
title="The place to find out">Help</a></li>
</ul>
</div>
@@ -6364,25 +5916,22 @@
<div class="pBody">
<ul>
<li id="t-whatlinkshere"><a
-href="https://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Special:WhatLinksHere/Reference_Manual"
+href="http://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Special:WhatLinksHere/Reference_Manual"
title="List of all wiki pages that link here [alt-shift-j]"
accesskey="j">What links here</a></li>
<li id="t-recentchangeslinked"><a
-href="https://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Special:RecentChangesLinked/Reference_Manual"
+href="http://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Special:RecentChangesLinked/Reference_Manual"
title="Recent changes in pages linked from this page [alt-shift-k]"
accesskey="k">Related changes</a></li>
-<li id="t-upload"><a
-href="https://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Special:Upload"
- title="Upload files [alt-shift-u]" accesskey="u">Upload file</a></li>
<li id="t-specialpages"><a
-href="https://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Special:SpecialPages"
+href="http://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Special:SpecialPages"
title="List of all special pages [alt-shift-q]" accesskey="q">Special
pages</a></li>
<li id="t-print"><a
-href="https://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Reference_Manual&printable=yes&printable=yes"
+href="http://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Reference_Manual&printable=yes&printable=yes"
rel="alternate" title="Printable version of this page [alt-shift-p]"
accesskey="p">Printable version</a></li> <li id="t-permalink"><a
-href="https://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Reference_Manual&oldid=507"
+href="http://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Reference_Manual&oldid=444"
title="Permanent link to this revision of the page">Permanent link</a></li>
</ul>
</div>
@@ -6394,15 +5943,15 @@
src="Reference_Manual_files/poweredby_mediawiki_88x31.png" alt="Powered
by MediaWiki"></a></div>
<ul id="f-list">
- <li id="lastmod"> This page was last modified on 23 July 2012, at
-17:54.</li>
- <li id="viewcount">This page has been accessed 142,275 times.</li>
+ <li id="lastmod"> This page was last modified on 19 December 2011,
+at 12:16.</li>
+ <li id="viewcount">This page has been accessed 77,761 times.</li>
</ul>
</div>
</div>
<script type="text/javascript">if (window.runOnloadHook) runOnloadHook();</script>
-<!-- Served in 1.261 secs. -->
+<!-- Served in 1.177 secs. -->
<script type="text/javascript">
|
