REQUEST_URI exact match modsecurity

Question

I need deny a portion of an url with modsecurity , example:

index.php?page_num=users

I have implemented this rule:

SecRule REQUEST_URI "/index\.php\?page_num=users" "id:10000100,phase:1,t:lowercase,deny,msg:'UsersDeny'"

It works for the URI "index.php?page_num=users" , but it also deny any characters after the users string, example:

index.php?page_num=userssadasd

How can i deny the exact URI " *index.php?page_num=users " ?

What is the rule going to accomplish? Seems odd to deny `?page=users` but not `?padding=&page=users`.. — anx, Oct 20 '20 at 22:53

score 1 · Answer 1 · answered Oct 28 '20 at 21:01

Without explicit operator the engine uses the @rx. There are two possible ways to solve this problem:

use the anchored pattern for regex, eg REQUEST_URI "^/index\.php\?page_num=users$"
use the @streq operator: REQUEST_URI "@streq /index.php?page_num=users"

1 Answers1