SecRule in practice
Alright, now that we have had a look at the theory of writing rules, let's start doing some real work by writing rules for more real-life situations. In this section we will look at several examples of how to write rules and rule chains to accomplish a given task.
Blocking uncommon request methods
The three most commonly used HTTP request methods are GET, POST
and HEAD
. You might be surprised to learn that the HTTP specification actually implements many more methods—if a web server supports the WebDAV (Web-based Distributed Authoring and Versioning) extensions, the total number of methods becomes almost 30. As an example, here are the request methods implemented by the latest version of Apache:
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|