0

Consider the following SecRule, which takes a feed from a lua script that is executed:

SecRule &TX:SQLI "@eq 1"    "id:'129793',phase:2,t:none,redirect:http://www.example.com/failed.html,msg:'SQLi Injection Payload Found'"

If SQLi is found in a request parameter, the tx.sqli variable is populated and the user is redirected to a specific webpage : http://www.example.com/failed.html.

This process works well. However, I would like to redirect the user back to the referrer address or simply refresh their page or send them back to the previous page they were on.

This may involve, for example, populating the redirect address with the referrer value. Is it possible for ModSecurity to execute this?

Henrik Pingel
  • 8,676
  • 2
  • 24
  • 38
Futh
  • 17
  • 5

1 Answers1

1

You don't necessarily know what the referring page is. And most likely there isn't one at all! Such attacks generally come from automata, not humans.

Michael Hampton
  • 237,123
  • 42
  • 477
  • 940