Chapter 2. Writing Rules
ModSecurity is an extremely powerful and versatile web application firewall. However, to be able to utilize its power you need to learn how to tell ModSecurity what you want it to do. That is what this chapter is for—it will teach you all about writing ModSecurity rules, including some interesting uses for ModSecurity that extend beyond just blocking malicious requests (you will for example learn how to redirect requests for files to the closest server depending on where in the world a visitor is located, and you'll learn how to count the number of downloads of a binary file and store the resulting statistics in a MySQL database).
To give you a brief outline of the chapter, here is the order in which we will be looking at the business of writing ModSecurity rules:
The syntax of
SecRuleWhat variables are available and how to use them
Operators, and how they relate to variables
Regular expressions—what they are, and why they're important when writing rules
Actions—denying...
