PROBLEMRULE #1; SecRule REQUEST_URI "^/(|(.*)/)(lpt1|lpt2|lpt3|lpt4)(/|\.|\?|$)" "t:none,t:htmlEntityDecode,t:lowercase,t:removeWhitespace,block,msg:'X',id:'1000'"
PROBLEMRULE #2; SecRule REQUEST_URI "^(.*)//(.*)$" "t:none,t:removeWhitespace,block,msg:'X',id:'1001'"
// I also tried those, but no success.
SecRule REQUEST_URI "//"
SecRule REQUEST_URI "^/(.*)/(lpt1|lp...
These 2 things won't work as expected. Other rules are working fine. I want to block a request something like:
// (too many slash, NOT blocked)
/////////// (too many slash, NOT blocked)
/lpt1 (Apache returns 403, NOT from modsec. Error log: "Forbidden: (web-dir)/lpt1 doesn't point to a file or directory")
/lpt1/blah (Apache returns 403, NOT from modsec. "doesn't point to a file or directory")
/somedir/lpt4.txt (Same as above)
/somedir/lpt4 (Same as above)
/somedir/////// (* SUCCESSFULLY blocked)
I believe these regexpression is O.K., so I really want to know why mod_security2 won't block these requests. I want to block using mod_sec2, not apache.
Environment: Windows Test Web server | mod_sec2 | Apache 2.4
To moderators:
Sorry for creating another question,
because my email has been hacked and I lost my password.
Please delete http://security.stackexchange.com/questions/47000/why-these-2-regexp-wont-work-as-expected
I use THIS ONE to continue question.
To before question:
The REQUEST_URI variable doesn't include the domain or the protocol. Did you mean to add more to the end of that URL?
Yes, I know. I want mod_sec2 to deny "GET ////////"(shown in above examples). If I hit a browser hxxp: // something.mysite.com////////// REQUEST_URI become "///////", so id:1001 should be applied. Am I right?
Is the rule ID logged for the request that is successfully blocked by Mod Security?
If the mod_security rule was successfully applied, I can see mod_sec error in my apache's errorlog(including hit ID number, of course.)
"/somedir/lpt4" and other thing, are block by apache, not by mod_security. (No logs from mod_security)
LTP1?
http://www.hanselman.com/blog/NamingAFileAReservedNameInTheWindowsVistaOperatingSystem.aspx I want mod_sec to deny these ugly internal commands, so I create a rule(id:1000).
P.S. "RewriteRule" is not an option to me. I want to use mod_sec2 to do this.