From cd62f20022085821ddc136d54ae14b15bdc87ab3 Mon Sep 17 00:00:00 2001 From: brectanus Date: Wed, 2 May 2007 17:00:13 +0000 Subject: [PATCH] Add docs for new transformations and operators. See #54, #55 and #117. --- doc/modsecurity2-apache-reference.xml | 91 +++++++++++++++++++++++++++ 1 file changed, 91 insertions(+) diff --git a/doc/modsecurity2-apache-reference.xml b/doc/modsecurity2-apache-reference.xml index 2e608548..d8ec6cf8 100644 --- a/doc/modsecurity2-apache-reference.xml +++ b/doc/modsecurity2-apache-reference.xml @@ -2777,6 +2777,13 @@ SecRule XML:/xq:employees/employee/name/text() +
+ <literal>length</literal> + + This function converts the input to its numeric length (count of + characters). +
+
<literal>lowercase</literal> @@ -2876,6 +2883,27 @@ SecRule XML:/xq:employees/employee/name/text() This function calculates a SHA1 hash from input.
+ +
+ <literal>trimLeft</literal> + + This function removes whitespace from the left side of + input. +
+ +
+ <literal>trimRight</literal> + + This function removes whitespace from the right side of + input. +
+ +
+ <literal>trim</literal> + + This function removes whitespace from both the left and right + sides of input. +
@@ -3910,6 +3938,53 @@ SecRule XML:/soap:Envelope/soap:Body/q1:getInput/id() "123" phase:2,deny +
+ <literal>beginsWith</literal> + + Description: This operator is a + string comparison and returns true if the parameter value is found at + the beginning of the input. Macro expansion is performed so you may use + variable names such as %{TX.1}, etc. + + Example: + + SecRule REQUEST_LINE "!@beginsWith GET" t:none,deny,status:403 +SecRule REQUEST_ADDR "^(.*)\.\d+$" deny,status:403,capture,chain +SecRule ARGS:gw "!@beginsWith %{TX.1}" +
+ +
+ <literal>contains</literal> + + Description: This operator is a + string comparison and returns true if the parameter value is found + anywhere in the input. Macro expansion is performed so you may use + variable names such as %{TX.1}, etc. + + Example: + + SecRule REQUEST_LINE "!@contains .php " t:none,deny,status:403 +SecRule REQUEST_ADDR "^(.*)$" deny,status:403,capture,chain +SecRule ARGS:ip "!@contains %{TX.1}" +
+ +
+ <literal>endsWith</literal> + + Description: This operator is a + string comparison and returns true if the parameter value is found at + the end of the input. Macro expansion is performed so you may use + variable names such as %{TX.1}, etc. + + Example: + + SecRule REQUEST_LINE "!@endsWith HTTP/1.1" t:none,deny,status:403 +SecRule ARGS:route "!@endsWith %{REQUEST_ADDR}" t:none,deny,status:403 +
+
<literal>eq</literal> @@ -3959,6 +4034,22 @@ SecRule XML:/soap:Envelope/soap:Body/q1:getInput/id() "123" phase:2,deny@inspectFile /opt/apache/bin/inspect_script.pl"
+
+ <literal>is</literal> + + Description: This operator is a + string comparison and returns true if the parameter value matches the + input exactly. Macro expansion is performed so you may use variable + names such as %{TX.1}, etc. + + Example: + + SecRule ARGS:foo "!@is bar" t:none,deny,status:403 +SecRule REQUEST_ADDR "^(.*)$" deny,status:403,capture,chain +SecRule REQUEST_HEADERS:Ip-Address "!@is %{TX.1}" +
+
<literal>le</literal>