SecRule syntax
SecRule
is the directive that is used to create ModSecurity rules. Its syntax is simple, but don't let that fool you. For almost any scenario you can imagine where you want to process a request in a certain way (whether by denying it, forwarding it or doing some more advanced processing), there is a way to use SecRule
to solve the problem.
The basic syntax of SecRule
is as follows:
SecRule Target Operator [Actions]
Target specifies what part of the request or response you want to examine. In the basic example given in the previous chapter, we used the variable named REQUEST_URI
, which contains the requested URI on the server, to identify and block any attempts to access the location /secret.html
. There are over 70 variables that can be used to create rules, meaning there is likely to be a way to match a rule in almost any circumstance where you need to create a rule.
There is also a special kind of variable called a collection that can hold several values. An example of...