Add ARGS_GET* and ARGS_POST docs.

2025-08-14 05:45:59 +03:00 · 2007-08-09 13:26:19 +00:00 · 2007-08-09 13:26:19 +00:00 · b71687c7f7
commit b71687c7f7
parent c520886e10
1 changed files with 41 additions and 5 deletions
--- a/doc/modsecurity2-apache-reference.xml
+++ b/doc/modsecurity2-apache-reference.xml
@ -1975,11 +1975,13 @@ SecRule REQUEST_HEADERS:Host "!^$" "deny,<emphasis role="bold">phase:1</emphasis
      (means all arguments including the POST Payload), with a static
      parameter (matches arguments with that name), or with a regular
      expression (matches all arguments with name that matches the regular
-      expression). Note: <literal>ARGS:p</literal> will not result in any
-      invocations against the operator if argument p does not exist. Some
-      variables are actually collections, which are expanded into more
-      variables at runtime. The following example will examine all request
-      arguments:<programlisting format="linespecific">SecRule ARGS dirty</programlisting>
+      expression). To look at only the query string or body arguments, see the
+      <literal>ARGS_GET</literal> and <literal>ARGS_POST</literal>
+      collections.</para>
+
+      <para>Some variables are actually collections, which are expanded into
+      more variables at runtime. The following example will examine all
+      request arguments:<programlisting format="linespecific">SecRule ARGS dirty</programlisting>
      Sometimes, however, you will want to look only at parts of a collection.
      This can be achieved with the help of the <emphasis>selection
      operator</emphasis>(colon). The following example will only look at the
@ -2002,6 +2004,9 @@ SecRule REQUEST_HEADERS:Host "!^$" "deny,<emphasis role="bold">phase:1</emphasis
      moreinfo="none">id_</literal>: <programlisting format="linespecific">SecRule ARGS:/^id_/ dirty</programlisting></para>

      <note>
+        <para>Using <literal>ARGS:p</literal> will not result in any
+        invocations against the operator if argument p does not exist.</para>
+
        <para>In ModSecurity 1.X, the <literal>ARGS</literal> variable stood
        for <literal>QUERY_STRING</literal> + <literal>POST_PAYLOAD</literal>,
        whereas now it expands to to individual variables.</para>
@ -2036,6 +2041,37 @@ SecRule <emphasis role="bold">ARGS_COMBINED_SIZE</emphasis> "@gt 25"</programlis
 SecRule<emphasis role="bold"> ARGS_NAMES</emphasis> "!^(p|a)$"</programlisting>
    </section>

+    <section>
+      <title><literal moreinfo="none">ARGS_GET</literal></title>
+
+      <para><literal>ARGS_GET</literal> is similar to <literal>ARGS</literal>,
+      but only contains arguments from the query string.</para>
+    </section>
+
+    <section>
+      <title><literal moreinfo="none">ARGS_GET_NAMES</literal></title>
+
+      <para><literal>ARGS_GET_NAMES</literal> is similar to
+      <literal>ARGS_NAMES</literal>, but only contains argument names from the
+      query string.</para>
+    </section>
+
+    <section>
+      <title><literal moreinfo="none">ARGS_POST</literal></title>
+
+      <para><literal>ARGS_POST</literal> is similar to
+      <literal>ARGS</literal>, but only contains arguments from the POST
+      body.</para>
+    </section>
+
+    <section>
+      <title><literal moreinfo="none">ARGS_POST_NAMES</literal></title>
+
+      <para><literal>ARGS_POST_NAMES</literal> is similar to
+      <literal>ARGS_NAMES</literal>, but only contains argument names from the
+      POST body.</para>
+    </section>
+
    <section>
      <title><literal moreinfo="none">AUTH_TYPE</literal></title>