Creating rule on reverse proxy mod_security

Question

I built up the reverse proxy using mod_security on my system

I got problem when wrote rule on specify website

For example i have 2 websites a.com and b.com, both of them has parameter username

if i want to deny value abc on that parameter, my rule will be:

SecRule ARGS:username "@streq abc"

but i only want to deny value abc on parameter username at a.com, not b.com

what should i do?

thank in advance :)

score 0 · Accepted Answer · answered May 08 '16 at 19:06

0

Two options:

1) Only add rule to vhost of a.com

2) Make it a chained rule which also checks this:

SecRule REQUEST_HEADERS:Host "@streq a.com" "phase:2,id:12345,deny,chain"
   SecRule ARGS:"username" "@streq abc"

answered May 08 '16 at 19:06

Barry Pollard

thank you, its exactly what im looking for, little modify is ARGS:username not ARGS:"username" :) – Tsu May 09 '16 at 04:10
Not sure it matters to be honest. Anyway glad it helped. – Barry Pollard May 09 '16 at 06:37

1 Answers1