MMultimedia

Reputation: 33

ModSecurity Block Multiple URLs with One Rule?

I was wondering if there is a way to block multiple URLs with a single rule in ModSecurity? I have a list of 30+ URLs I would like to deny and log. I know I can block a single URL with a command such as:

SecRule REQUEST_URI "/url/to/block" "phase:1,id:'1000001',log,noauditlog,deny,status:403"

Do I need to write a rule for each URL or can they all be combined into the same rule?

Upvotes: 2

Views: 4364

Answers (2)

Barry Pollard

Reputation: 46040

You've a couple of choices to avoid multiple rules:

Have a really long rule using regex or pm. For example:

 SecRule REQUEST_URI "@pm url1 url2 url3...etc." \
 "phase:1,id:'1000001',log,noauditlog,deny,status:403"

Or list the URLs in a file and use pmFromFile to do the matching. For example:

 SecRule REQUEST_URI "@pmFromFile /path/to/urlBlacklistFile" \
 "phase:1,id:'1000001',log,noauditlog,deny,status:403"

Upvotes: 3
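Added example (not part of either answer; a Python model of the matching, not ModSecurity itself): `@pm` and `@pmFromFile` do case-insensitive substring matching, and `REQUEST_URI` includes the query string, so a blocklist can deny more requests than the URLs listed. The blocklist entries, sample requests and function names below are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample blocklist in the pmFromFile format: one phrase per line;
# blank lines and lines starting with '#' are ignored.
BLOCKLIST_FILE = """\
# legacy endpoints
/url/to/block
/admin

/backup/
"""

def load_phrases(text):
    """Parse phrase-file text: trim whitespace, skip blanks and comments."""
    lines = (line.strip() for line in text.splitlines())
    return [line for line in lines if line and not line.startswith("#")]

def pm_match(phrases, request_uri):
    """Model of @pm / @pmFromFile: case-insensitive substring match."""
    haystack = request_uri.lower()
    return [p for p in phrases if p.lower() in haystack]

def exact_path_rx(phrases):
    """Anchored alternation usable in an @rx rule on REQUEST_FILENAME,
    the variable that holds the path without the query string."""
    return "^(?:" + "|".join(re.escape(p) for p in phrases) + ")$"

def overblocked(phrases, request_uris):
    """URIs the substring rule denies but an exact-path rule would allow."""
    # IGNORECASE keeps case handling equal on both sides, so only the
    # substring and query-string effects show up in the result.
    rx = re.compile(exact_path_rx(phrases), re.IGNORECASE)
    return [uri for uri in request_uris
            if pm_match(phrases, uri) and not rx.match(urlsplit(uri).path)]

# Constructed sample requests, as they would appear in REQUEST_URI.
SAMPLE_URIS = ["/url/to/block", "/URL/To/Block?x=1", "/administrator/help",
               "/search?next=/backup/", "/index.html"]

if __name__ == "__main__":
    phrases = load_phrases(BLOCKLIST_FILE)
    print("exact-path regex:", exact_path_rx(phrases))
    for uri in overblocked(phrases, SAMPLE_URIS):
        print("substring rule also blocks:", uri)
```

Running a real blocklist and a sample of access-log URIs through `overblocked` before deploying the rule shows which legitimate paths the phrase match would also deny.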

user1422702

Reputation: 11

It should be

 SecRule REQUEST_URI "@pmFromFile /path/to/urlBlacklistFile" \
 "phase:1,id:'1000001',log,noauditlog,deny,status:403"

and not just @pm

Upvotes: 1
