Re: How to add/remove multiple targets with ctl:ruleUpdateTargetById

------------------------------------------------------------------------------
Try before you buy = See our experts in action!
The most comprehensive online learning library for Microsoft developers
is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
Metro Style Apps, more. Free future releases when you subscribe now!
http://p.sf.net/sfu/learndevnow-dev2

_______________________________________________
mod-security-users mailing list
mod-security-users <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-users
Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs:
http://www.modsecurity.org/projects/commercial/rules/
http://www.modsecurity.org/projects/commercial/support/

Re: How to add/remove multiple targets with ctl:ruleUpdateTargetById

You should be able to do it with something like this -

SecRule TARGET OPERATOR "phase:1,t:none,nolog,pass,ctl:'ruleUpdateTargetById=999999;ARGS:param1|!ARGS:param2'"

-Ryan

From: rm4dillo D <rm4dillo <at> gmail.com<mailto:rm4dillo <at> gmail.com>>
Date: Mon, 30 Jan 2012 11:41:43 -0600
To:
"mod-security-users <at> lists.sourceforge.net<mailto:mod-security-users <at> lists.sourceforge.net>" <mod-security-users <at> lists.sourceforge.net<mailto:mod-security-users <at> lists.sourceforge.net>>
Subject: [mod-security-users] How to add/remove multiple targets with ctl:ruleUpdateTargetById

Hi,

With the "SecRuleUpdateTargetById" directive, it's possible to add/remove multiple targets using the
following syntax:

    SecRuleUpdateTargetById 999999 !ARG:param1,!ARGS:param2

but if I try to write the same rule using the "ctl" action combined with the "ruleUpdateTargetById" option,
I'm stuck because I can't use the comma as a separator.

Any ideas?

Rm4dillo

________________________________
This transmission may contain information that is privileged, confidential, and/or exempt from
disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any
disclosure, copying, distribution, or use of the information contained herein (including any reliance
thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately
contact the sender and destroy the material in its entirety, whether in electronic or hard copy format.

------------------------------------------------------------------------------
Try before you buy = See our experts in action!
The most comprehensive online learning library for Microsoft developers
is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
Metro Style Apps, more. Free future releases when you subscribe now!
http://p.sf.net/sfu/learndevnow-dev2
_______________________________________________
mod-security-users mailing list
mod-security-users <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-users
Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs:
http://www.modsecurity.org/projects/commercial/rules/
http://www.modsecurity.org/projects/commercial/support/