From 08e651a1c815747b503b711edbb28f615ea96bfe Mon Sep 17 00:00:00 2001
From: b1v1r
Date: Mon, 20 Jul 2009 18:27:50 +0000
Subject: [PATCH] Merge in some doc typos from 2.5 branch (MODSEC-77).
---
 doc/modsecurity2-apache-reference.xml | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/doc/modsecurity2-apache-reference.xml b/doc/modsecurity2-apache-reference.xml
index a435b19a..58b14ccc 100644
--- a/doc/modsecurity2-apache-reference.xml
+++ b/doc/modsecurity2-apache-reference.xml
@@ -6,7 +6,7 @@ Manual
- Version 2.6.0-trunk (June 2, 2009)
+ Version 2.6.0-trunk (July 20, 2009)
 2004-2009
@@ -3843,14 +3843,14 @@ SecRule XML:/xq:employees/employee/name/text() Fred \
 The following rule will ensure that an attacker does not use mixed case in order to evade the ModSecurity rule:
- SecRule ARG:p "xp_cmdshell" "t:lowercase"
+ SecRule ARGS:p "xp_cmdshell" "t:lowercase"
 multiple transformation actions can be used in the same rule, for example the following rule also ensures that an attacker does not use URL encoding (%xx encoding) for evasion. Note the order of the transformation functions, which ensures that a URL encoded letter is first decoded and than translated to lower case.
- SecRule ARG:p "xp_cmdshell" "t:urlDecode,t:lowercase"
+ SecRule ARGS:p "xp_cmdshell" "t:urlDecode,t:lowercase"
 One can use the SecDefaultAction command to ensure the translation occurs for every rule until the next. Note that transformation actions are
@@ -4397,7 +4397,7 @@ SecRule TX:1 "(?:(?:a(dmin|nonymous)))"
 # this rule should be preceeded by a rule that verifies
 # only valid request methods (e.g. GET, HEAD and POST) are used.
 SecRule REQUEST_METHOD ^POST$ chain,t:none
-SecRule REQUEST_HEADER:Content-Length ^$ t:none
+SecRule REQUEST_HEADERS:Content-Length ^$ t:none
 In programming language concepts, think of chained rules
@@ -5685,7 +5685,7 @@ SecRule REQUEST_HEADERS:Ip-Address "!@streq %{TX.1}"Example:
- SecRule ARG:text "@validateByteRange 10, 13, 32-126"
+ SecRule ARGS:text "@validateByteRange 10, 13, 32-126"
 Note