Trying to build a rule that will 403 any incoming traffic that doesn't contain the header X-CFKey and match a specific of X-CFKey.
I've got modsecurity testing X-CFKey value successfully but fails when the header is missing all together. I'm trying to test for the lack of presence of the header at the moment using !@contains. I am able to get @contains to pass predictably though !@contains matches on everything.
SecRule REQUEST_HEADERS_NAMES "!@contains x-cfkey" \
"id:52,log,deny,status:403,t:lowercase,msg:'Does not contain header X-CFKey'"
What am I missing here, why is !
being so unpredictable?