SecRuleRemoveById
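Description: Removes rules from the parent context by ID
Syntax: SecRuleRemoveById ID ID RANGE ...
Example: SecRuleRemoveByID 1 2 "9000-9010"
Phase: Any
Scope: Any
Version: 2.0.0
Note: This directive accepts multiple parameters, each of which can be a single rule ID or a range. Parameters that contain spaces must be enclosed in double quotes.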
SecRuleRemoveById 1 2 5 10-20 "400-556" 673
SecRuleRemoveByMsg
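Description: Removes rules from the parent context by rule message
Syntax: SecRuleRemoveByMsg REGEX
Example: SecRuleRemoveByMsg "FAIL"
Phase: Any
Scope: Any
Version: 2.0.0
Note: This directive accepts multiple parameters, each of which is a regular expression applied to the rule message (the one specified with the msg action).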
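SecRuleScript (experimental)
Description: This directive creates a special rule that executes a Lua script to decide whether to match. The main difference from SecRule is that there are no targets and no operators. The script can retrieve any variable from the ModSecurity context and test it with (Lua) operators. The second parameter is optional and, as with SecRule, is a list of actions.
Syntax: SecRuleScript /path/to/script.lua [ACTIONS]
Example: SecRuleScript "/path/to/file.lua" "block"
Phase: Any
Scope: Any
Version: 2.5.0
Note: None
Note
All Lua scripts are compiled at configuration time and kept in memory. To reload a script you must reload the entire ModSecurity configuration by restarting Apache.
Example script: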
-- Your script must define the main entry
-- point, as below.
function main()
    -- Log something at level 1. Normally you shouldn't be
    -- logging anything, especially not at level 1, but this is
    -- just to show you can. Useful for debugging.
    m.log(1, "Hello world!");

    -- Retrieve one variable.
    local var1 = m.getvar("REMOTE_ADDR");

    -- Retrieve one variable, applying one transformation function.
    -- The second parameter is a string.
    local var2 = m.getvar("ARGS", "lowercase");

    -- Retrieve one variable, applying several transformation functions.
    -- The second parameter is now a list. You should note that m.getvar()
    -- requires the use of a period to separate collection names from
    -- variable names. This is because only one variable is returned.
    local var3 = m.getvar("ARGS.p", { "lowercase", "compressWhitespace" } );

    -- If you want this rule to match return a string
    -- containing the error message. The message must contain the name
    -- of the variable where the problem is located.
    -- return "Variable ARGS:p looks suspicious!"

    -- Otherwise, simply return nil.
    return nil;
end
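The first example retrieves only one variable at a time, which means you need to know the variable name in advance. Often, however, you want to inspect variables whose names you do not know beforehand, as in the following example.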
Example showing use of m.getvars() to retrieve many variables at once:
function main()
    -- Retrieve script parameters.
    local d = m.getvars("ARGS", { "lowercase", "htmlEntityDecode" } );

    -- Loop through the parameters.
    for i = 1, #d do
        -- Examine parameter value.
        if (string.find(d[i].value, "
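
A complete script in the same m.getvars() style, as an added example that is not part of the original manual text. The `<script` marker, the sample parameters and the stand-in `m` table (used only when the file is run outside ModSecurity) are assumptions made for illustration.

```lua
-- Added example; `m` is normally supplied by ModSecurity. When it is
-- absent (plain Lua interpreter) a constructed stand-in is installed.
local standalone = (m == nil)
if standalone then
    local sample = {  -- constructed request parameters
        { name = "ARGS:q",    value = "Plain Search" },
        { name = "ARGS:note", value = "Hi &lt;SCRIPT&gt;x()&lt;/SCRIPT&gt;" },
    }
    local tfn = {  -- minimal demo versions of the two transformations
        lowercase = string.lower,
        htmlEntityDecode = function(s)
            s = s:gsub("&lt;", "<"):gsub("&gt;", ">"):gsub("&quot;", '"')
            return (s:gsub("&amp;", "&"))
        end,
    }
    m = {
        getvars = function(_, names)
            local out = {}
            for i, v in ipairs(sample) do
                local value = v.value
                for _, n in ipairs(names) do value = tfn[n](value) end
                out[i] = { name = v.name, value = value }
            end
            return out
        end,
    }
end

-- Hypothetical marker; the pattern in the page's own script is cut off.
local NEEDLE = "<script"

function main()
    -- All request parameters, lowercased and entity-decoded first so
    -- that "&lt;SCRIPT" and "<script" compare equal.
    local d = m.getvars("ARGS", { "lowercase", "htmlEntityDecode" })
    for i = 1, #d do
        -- plain = true: NEEDLE is literal text, not a Lua pattern.
        if string.find(d[i].value, NEEDLE, 1, true) then
            -- Name the offending variable in the returned message.
            return "Suspicious marker in variable " .. d[i].name .. "."
        end
    end
    return nil  -- nothing matched
end

-- ModSecurity calls main() itself; only call it by hand when standalone.
if standalone then print(main()) end
```

Passing `1, true` to string.find matters once the marker contains characters such as `(`, `.` or `%`, which Lua would otherwise interpret as pattern syntax.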