Inspecting uploaded files
Another very useful ModSecurity feature is the ability to inspect files that have been uploaded via a POST request. So long as we have set RequestBodyBuffering to On we can then intercept the uploaded files and inspect them by using the @inspectFile operator.
To show how this works we will write a script that intercepts uploaded files and scans them with the virus scanner Clam AntiVirus. Clam AntiVirus is an open source virus scanner which you can obtain at http://www.clamav.net. Once you have installed it you can use the command clamscan <filename> to scan a file for viruses.
To intercept uploaded files we need to apply a few ModSecurity directives:
SecUploadDir /tmp/modsecurity SecTmpDir /tmp/modsecurity
This specifies where ModSecurity stores the files it extracts from the request body. We need to make sure we create the temporary directory and that the Apache user has read and write access to it.
When using @inspectFile, ModSecurity treats the script output...
