github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-14 05:45:59 +03:00
Code Issues Packages Projects Releases Wiki Activity

Clarified which variables are URL-decoded and which aren't.

Browse Source
This commit is contained in:
ivanr 2007-07-02 13:56:13 +00:00
parent f19622b04b
commit 8cd8f42d24
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
doc/modsecurity2-apache-reference.xml
View File

@ -2186,7 +2186,8 @@ SecRule GEO:COUNTRY_CODE "!@streq UK"</programlisting>
<title><literal moreinfo="none">QUERY_STRING</literal></title>
<para>This variable holds form data passed to the script/handler by
appending data after a question mark. Example:</para>
appending data after a question mark. Warning: Not URL-decoded.
Example:</para>
<programlisting format="linespecific">SecRule <emphasis role="bold">QUERY_STRING</emphasis> "attack"</programlisting>
</section>
@ -2323,8 +2324,7 @@ SecRule XML "@validateDTD /opt/apache-frontend/conf/xml.dtd"</programlisting>
<title><literal moreinfo="none">REQUEST_FILENAME</literal></title>
<para>This variable holds the relative REQUEST_URI minus the
QUERY_STRING part (e.g. /index.php). Warning: not urlDecoded.
Example:</para>
QUERY_STRING part (e.g. /index.php). Example:</para>
<programlisting format="linespecific">SecRule <emphasis role="bold">REQUEST_FILENAME</emphasis> "^/cgi-bin/login\.php$"</programlisting>
</section>