mirror of
https://github.com/owasp-modsecurity/ModSecurity.git
synced 2025-08-15 23:55:03 +03:00
Clarified which variables are URL-decoded and which aren't.
This commit is contained in:
ivanr
parent
f19622b04b
commit
8cd8f42d24
@ -2186,7 +2186,8 @@ SecRule GEO:COUNTRY_CODE "!@streq UK"</programlisting>
|
|||||||
<title><literal moreinfo="none">QUERY_STRING</literal></title>
|
<title><literal moreinfo="none">QUERY_STRING</literal></title>
|
||||||
|
|
||||||
<para>This variable holds form data passed to the script/handler by
|
<para>This variable holds form data passed to the script/handler by
|
||||||
appending data after a question mark. Example:</para>
|
appending data after a question mark. Warning: Not URL-decoded.
|
||||||
|
Example:</para>
|
||||||
|
|
||||||
<programlisting format="linespecific">SecRule <emphasis role="bold">QUERY_STRING</emphasis> "attack"</programlisting>
|
<programlisting format="linespecific">SecRule <emphasis role="bold">QUERY_STRING</emphasis> "attack"</programlisting>
|
||||||
</section>
|
</section>
|
||||||
@ -2323,8 +2324,7 @@ SecRule XML "@validateDTD /opt/apache-frontend/conf/xml.dtd"</programlisting>
|
|||||||
<title><literal moreinfo="none">REQUEST_FILENAME</literal></title>
|
<title><literal moreinfo="none">REQUEST_FILENAME</literal></title>
|
||||||
|
|
||||||
<para>This variable holds the relative REQUEST_URI minus the
|
<para>This variable holds the relative REQUEST_URI minus the
|
||||||
QUERY_STRING part (e.g. /index.php). Warning: not urlDecoded.
|
QUERY_STRING part (e.g. /index.php). Example:</para>
|
||||||
Example:</para>
|
|
||||||
|
|
||||||
<programlisting format="linespecific">SecRule <emphasis role="bold">REQUEST_FILENAME</emphasis> "^/cgi-bin/login\.php$"</programlisting>
|
<programlisting format="linespecific">SecRule <emphasis role="bold">REQUEST_FILENAME</emphasis> "^/cgi-bin/login\.php$"</programlisting>
|
||||||
</section>
|
</section>
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user