More about collections
Let's look at some more things that can be done with collections, such as counting the number of items in a collection or filtering out collection variables using a regex.
Counting items in collections
You can count the number of items in a collection by prefixing it with an ampersand (&). For example, the following rule matches if the client does not send any cookies with the request:
SecRule &REQUEST_COOKIES "@eq 0"
You can also use the count operator to make sure that a certain field in a collection is present. If we wanted a rule to match if the User-Agent header was missing from a request, we could use the following:
SecRule &REQUEST_HEADERS:User-Agent "@eq 0"
The above will match if the header is missing. If instead there is a User-Agent header but it is empty, the count operator returns 1, so it is important to be aware that there is a difference between a missing field and an empty one.
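The following rules are an added example, not taken from the original text, showing how the missing and empty cases can be told apart. It goes slightly beyond the text by also counting a header that is sent more than once. The rule ids (100001 to 100003), the messages, and the choice of phase 1 with pass,log are assumptions made for illustration.

```apache
# Constructed example: ids, messages and actions are placeholders.

# Case 1: header missing. No User-Agent field exists, so the count is 0.
SecRule &REQUEST_HEADERS:User-Agent "@eq 0" \
    "id:100001,phase:1,pass,log,msg:'User-Agent header missing'"

# Case 2: header present but empty. The count is 1, so the count alone
# cannot detect this; the chained rule inspects the value itself.
SecRule &REQUEST_HEADERS:User-Agent "@eq 1" \
    "id:100002,phase:1,pass,log,chain,msg:'User-Agent header present but empty'"
    SecRule REQUEST_HEADERS:User-Agent "@rx ^$"

# Case 3: header sent more than once. Each occurrence is a separate
# item in the collection, so the count is greater than 1.
SecRule &REQUEST_HEADERS:User-Agent "@gt 1" \
    "id:100003,phase:1,pass,log,msg:'Multiple User-Agent headers'"
```

A request with no User-Agent header triggers only the first rule, while a request with `User-Agent:` followed by nothing triggers only the second.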
Tip
It is perfectly valid for a query string or POST request to...