mod_security to Inspect Post Variables

Question

Can mod_security be used to inspect post variables? It looks like I can through turning SecRequestBodyAccess. I would like to check the username POST field from a form in wp-login.php. If it's value is "admin", I want to return an error and block the IP address for 10 minutes.

I've seen mod_security rules to block an IP for multiple incorrect logins but I would like to catch it before it utilizes PHP or any database requests.

score 2 · Answer 1 · edited Mar 12 '15 at 09:10

2

First enable json parser through this statement:-

SecRule REQUEST_HEADERS:Content-Type "application/json" "id:'1213',phase:1,pass,ctl:requestBodyProcessor=JSON"

and then use the following statement:

SecRule ARGS:payload.username "@streq admin" "id:'1234' block"

edited Mar 12 '15 at 09:10

masegaloeh

17,978
9
56
104

answered Mar 12 '15 at 08:43

Kartik

21
2

mod_security to Inspect Post Variables

1 Answers1