github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2026-01-16 08:27:10 +03:00
Code Issues Packages Projects Releases Wiki Activity

Added detectXSS operator.

Felipe Zimmerle
2014-02-17 06:45:38 -08:00
parent 5b5a8663b8
commit d5211f0a0f
1 changed files with 11 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
Reference-Manual.mediawiki

@@ -3523,6 +3523,17 @@ Your site has a wide '''select'''ion of computers.
SecRule REQUEST_URI "@detectSQLi" "id:152" SecRule REQUEST_URI "@detectSQLi" "id:152"
</pre> </pre>
== detectXSS ==
'''Description:''' Returns true if XSS injection is found. This operator uses LibInjection to detect XSS attacks.
'''Version:''' This functionality is under testing. Currently the code is hosted under the branch: [https://github.com/SpiderLabs/ModSecurity/tree/libinject_detect_xss libinject_detect_xss].
'''Example:'''
<pre>
# Detect XSS Injection inside request body
SecRule REQUEST_BODY "\@detectXSS" "id:12345,log,deny"
</pre>
== endsWith == == endsWith ==
'''Description:''' Returns true if the parameter string is found at the end of the input. Macro expansion is performed on the parameter string before comparison. '''Description:''' Returns true if the parameter string is found at the end of the input. Macro expansion is performed on the parameter string before comparison.